发布时间: 2025年1月17日
修改时间: 2025年1月17日
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
NVD | openEuler | |
---|---|---|
Confidentiality | None | None |
Attack Vector | Network | Network |
CVSS评分 | 6.5 | 6.5 |
Attack Complexity | Low | Low |
Privileges Required | Low | Low |
Scope | Unchanged | Unchanged |
Integrity | None | None |
User Interaction | None | None |
Availability | High | High |
公告名 | 概要 | 发布时间 |
---|---|---|
KylinSec-SA-2025-1606 | podman security update | 2025年3月18日 |
产品 | 包 | 状态 |
---|---|---|
V6 | podman | Fixed |