Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4243029551177D38D7DECB1906EE9900DDA18B9582F907F1CB7E121308F40F6E
HistoryJan 09, 2024 - 3:40 p.m.

Security Bulletin: Multiple vulnerabilities in containerd may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-31030, CVE-2022-23471)

2024-01-0915:40:14
www.ibm.com
20
containerd
ibm decision optimization
ibm cloud pak for data
cve-2022-31030
cve-2022-23471
denial of service
upgrade
security bulletin

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

41.0%

JSON

Summary

There are multiple vulnerabilities in containerd used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-31030
**DESCRIPTION:**containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local authenticated attacker could exploit this vulnerability to cause containerd to consume all available memory on the computer, and results in a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228282 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-23471
**DESCRIPTION:**containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to exhaust memory on the host, and results in a denial of service condition.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Decision Optimization for Cloud Pak for Data All

Remediation/Fixes

Users are strongly encouraged to upgrade to IBM Decision Optimization for IBM Cloud Pak for Data 4.8 and subsequent releases.
Here is the detailed information on Upgrading IBM Cloud Pak for Data

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_for_dataMatchany
VendorProductVersionCPE
ibmcloud_pak_for_dataanycpe:2.3:a:ibm:cloud_pak_for_data:any:*:*:*:*:*:*:*

Related

nessus 49
osv 14
ubuntu 2
openvas 34
fedora 11
cnvd 1
veracode 2
mageia 2
debiancve 2
redos 1
nvd 2
alpinelinux 2
cbl_mariner 4
prion 2
github 2
cgr 2
ubuntucve 2
ibm 20
cve 2
amazon 1
wolfi 2
cvelist 2
gentoo 1
photon 17
debian 1
suse 1
ics 1
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : containerd vulnerabilities (USN-5776-1)
2022-12-13 00:00:00
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2022-020)
2022-06-10 00:00:00
EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-1421)
2023-03-07 00:00:00
osv
osv
containerd vulnerabilities
2022-12-13 08:35:00
CGA-4j6m-x8x3-4rqj
2024-06-06 12:23:39
containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd
2024-08-21 16:03:26
ubuntu
ubuntu
containerd vulnerabilities
2022-12-13 00:00:00
containerd vulnerabilities
2022-07-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5776-1)
2022-12-15 00:00:00
Fedora: Security Advisory for golang-github-containernetworking-cni (FEDORA-2022-725ac93b48)
2022-06-17 00:00:00
Fedora: Security Advisory for golang-github-containerd-cni (FEDORA-2022-725ac93b48)
2022-06-17 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: golang-github-containerd-cni-1.1.6-1.fc35
2022-06-16 01:27:15
[SECURITY] Fedora 35 Update: golang-github-containernetworking-cni-1.1.1-1.fc35
2022-06-16 01:27:15
[SECURITY] Fedora 36 Update: containerd-1.6.6-1.fc36
2022-06-16 01:21:34
cnvd
cnvd
Apache containerd resource management error vulnerability
2022-06-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-06-07 08:26:24
Denial Of Service (DoS)
2022-12-08 03:54:08
mageia
mageia
Updated docker-containerd packages fix security vulnerability
2022-06-13 23:44:20
Updated docker-containerd packages fix security vulnerability
2023-08-23 22:56:41
debiancve
debiancve
CVE-2022-23471
2022-12-07 23:15:09
CVE-2022-31030
2022-06-09 14:15:08
redos
redos
ROS-20221223-01
2022-12-23 00:00:00
nvd
nvd
CVE-2022-23471
2022-12-07 23:15:09
CVE-2022-31030
2022-06-09 14:15:08
alpinelinux
alpinelinux
CVE-2022-23471
2022-12-07 23:15:09
CVE-2022-31030
2022-06-09 14:15:08
cbl_mariner
cbl_mariner
CVE-2022-23471 affecting package moby-containerd 1.6.6+azure-4
2022-12-27 17:56:02
CVE-2022-31030 affecting package moby-containerd 1.5.9+azure-7
2022-07-14 21:00:08
CVE-2022-23471 affecting package moby-containerd for versions less than 1.6.12-3
2023-01-03 20:57:21
prion
prion
Command injection
2022-12-07 23:15:00
Design/Logic Flaw
2022-06-09 14:15:00
github
github
containerd CRI plugin: Host memory exhaustion through ExecSync
2022-06-06 22:07:10
containerd CRI stream server vulnerable to host memory exhaustion via terminal
2022-12-07 23:23:43
cgr
cgr
CVE-2022-23471 vulnerabilities
2024-05-19 03:07:16
CVE-2022-31030 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2022-23471
2022-12-08 00:00:00
CVE-2022-31030
2022-06-09 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data
2024-06-28 12:42:05
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2022-31030)
2022-06-24 15:36:10
Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data
2024-06-28 12:42:44
cve
cve
CVE-2022-23471
2022-12-07 23:15:09
CVE-2022-31030
2022-06-09 14:15:08
amazon
amazon
Medium: containerd
2022-06-06 19:52:00
wolfi
wolfi
CVE-2022-31030 vulnerabilities
2024-09-28 21:12:41
CVE-2022-23471 vulnerabilities
2024-09-28 21:12:41
cvelist
cvelist
CVE-2022-31030 containerd CRI plugin: Host memory exhaustion through ExecSync
2022-06-06 00:00:00
CVE-2022-23471 containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak
2022-12-07 22:51:34
gentoo
gentoo
containerd: Multiple Vulnerabilities
2024-01-31 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0483
2022-06-07 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0429
2023-07-18 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0618
2023-07-26 00:00:00
debian
debian
[SECURITY] [DSA 5162-1] containerd security update
2022-06-12 17:51:32
suse
suse
Security update for containerd, docker and runc (important)
2022-07-08 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

41.0%

JSON
Related for 4243029551177D38D7DECB1906EE9900DDA18B9582F907F1CB7E121308F40F6E
nessus49osv14ubuntu2openvas34fedora11cnvd1veracode2mageia2debiancve2redos1nvd2alpinelinux2cbl_mariner4prion2github2cgr2ubuntucve2ibm20cve2amazon1wolfi2cvelist2gentoo1photon17debian1suse1ics1