Search CVE reports
1 – 10 of 29 results
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
7 affected packages
containerd, google-guest-agent, golang-golang-x-net, golang-golang-x-net-dev, adsys...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| containerd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| google-guest-agent | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-golang-x-net | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| adsys | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| juju-core | Not in release | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
7 affected packages
lxd, golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| lxd | Not in release | Not in release | Not in release | Not affected | Not affected |
| golang-golang-x-net | Not affected | Not affected | Not affected | — | — |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Not affected | Not affected |
| adsys | Vulnerable | Not affected | Not affected | Not affected | — |
| juju-core | Not in release | Not in release | Not in release | — | — |
Some fixes available 8 of 10
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net | Vulnerable | Fixed | Fixed | — | — |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Fixed | Fixed |
| adsys | Not affected | Not affected | Not affected | Not affected | — |
| juju-core | Not in release | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Not affected | Fixed |
Some fixes available 8 of 10
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net | Vulnerable | Fixed | Fixed | — | — |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Fixed | Fixed |
| adsys | Not affected | Not affected | Not affected | Not affected | — |
| juju-core | Not in release | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Not affected | Fixed |
Some fixes available 10 of 12
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can...
2 affected packages
containerd, containerd-app
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Fixed | Fixed | Fixed | Fixed |
| containerd-app | Not affected | Fixed | Fixed | Fixed | — |
Some fixes available 10 of 12
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability....
2 affected packages
containerd, containerd-app
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Fixed | Fixed | Fixed | Fixed |
| containerd-app | Not affected | Fixed | Fixed | Fixed | — |
Some fixes available 2 of 5
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under...
2 affected packages
containerd, containerd-app
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| containerd-app | Fixed | Not affected | Not affected | Not affected | — |
containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify...
2 affected packages
containerd, containerd-app
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| containerd | — | Not affected | Not affected | Not affected | Not affected |
| containerd-app | — | Not affected | Not affected | Not affected | — |
Some fixes available 8 of 14
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing,...
7 affected packages
golang-golang-x-net-dev, golang-golang-x-net, google-guest-agent, containerd, adsys...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Fixed | Fixed |
| golang-golang-x-net | Not affected | Fixed | Fixed | Not in release | Not in release |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| adsys | Not affected | Not affected | Not affected | Not affected | — |
| juju-core | — | — | — | — | — |
| lxd | — | — | — | Not affected | Fixed |
Some fixes available 12 of 14
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can...
2 affected packages
containerd, containerd-app
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Fixed | Fixed | Fixed | Fixed |
| containerd-app | Fixed | Fixed | Fixed | Fixed | — |