cri-tools vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the cri-tools package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M NULL Pointer Dereference	*
H Improper Validation of Syntactic Correctness of Input	*
H Improper Certificate Validation	*
M Allocation of Resources Without Limits or Throttling	*
H Directory Traversal	<0:1.33.0-1.el9
M CVE-2025-68121	*
M Resource Exhaustion	*
M Directory Traversal	*
H Allocation of Resources Without Limits or Throttling	*
M Improper Certificate Validation	*
H Excessive Platform Resource Consumption within a Loop	*
L CVE-2025-58186	*
M Resource Exhaustion	*
H Creation of Temporary File With Insecure Permissions	<0:1.26.0-7.el9
H Directory Traversal	<0:1.26.0-7.el9
H Directory Traversal	<0:1.26.0-7.el9
H Link Following	<0:1.26.0-7.el9
H Improperly Controlled Sequential Memory Allocation	<0:1.26.0-7.el9
H Uncontrolled Recursion	<0:1.26.0-7.el9
H Uncontrolled Recursion	<0:1.26.0-7.el9
M Reachable Assertion	*
H Link Following	<0:1.27.0-7.el9
H Link Following	<0:1.27.0-7.el9
H Link Following	<0:1.27.0-7.el9
H HTTP Request Smuggling	<0:1.27.0-7.el9
M Creation of Immutable Text Using String Concatenation	*
H Allocation of Resources Without Limits or Throttling	*
M Allocation of Resources Without Limits or Throttling	*
M Allocation of Resources Without Limits or Throttling	*
M Improper Output Neutralization for Logs	*
M Expected Behavior Violation	*
M Expected Behavior Violation	*
M Time-of-check Time-of-use (TOCTOU)	*
M HTTP Request Smuggling	<0:1.29.0-7.el9
M HTTP Request Smuggling	<0:1.31.1-4.el9
H Improper Certificate Validation	<0:1.30.0-6.el9
H HTTP Request Smuggling	<0:1.30.0-6.el9
M HTTP Request Smuggling	<0:1.32.0-2.el9
M CVE-2025-4673	*
M Cross-site Scripting (XSS)	*
M Improper Input Validation	*
M Resource Exhaustion	*
M Information Exposure	*
L Improper Verification of Cryptographic Signature	*
M Information Exposure	*
M Use of Uninitialized Variable	*
H Resource Exhaustion	<0:1.27.0-2.1.el9
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:1.26.0-2.el9
H Improper Validation of Integrity Check Value	<0:1.29.0-3.1.el9
H Resource Exhaustion	<0:1.29.0-3.1.el9
H Misinterpretation of Input	<0:1.29.0-3.1.el9
H Information Exposure	<0:1.29.0-3.1.el9
H Incorrect Behavior Order	<0:1.29.0-3.1.el9
H Improper Validation of Integrity Check Value	<0:1.29.0-3.1.el9
H Resource Exhaustion	<0:1.29.0-3.1.el9
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:1.29.0-3.1.el9
H Arbitrary Code Injection	<0:1.29.0-3.1.el9
H Misinterpretation of Input	<0:1.29.0-3.1.el9
H Improper Certificate Validation	<0:1.29.0-3.1.el9
H Improper Input Validation	<0:1.29.0-3.1.el9
H Information Exposure	<0:1.29.0-3.1.el9
H Incorrect Behavior Order	<0:1.29.0-3.1.el9
M Cross-site Scripting (XSS)	<0:1.27.0-2.1.el9
H Resource Exhaustion	<0:1.27.0-2.1.el9
H Cross-site Scripting (XSS)	<0:1.27.0-2.1.el9
H Resource Exhaustion	<0:1.27.0-2.1.el9
H Allocation of Resources Without Limits or Throttling	<0:1.27.0-2.1.el9
H Buffer Access with Incorrect Length Value	<0:1.27.0-2.1.el9
H Cross-site Scripting (XSS)	<0:1.27.0-2.1.el9
H Cross-site Scripting (XSS)	<0:1.27.0-2.1.el9
H Resource Exhaustion	<0:1.27.0-2.1.el9
H Resource Exhaustion	<0:1.27.0-2.1.el9
H Use of a Broken or Risky Cryptographic Algorithm	<0:1.27.0-2.1.el9
H Use After Free	<0:1.27.0-2.1.el9
H CVE-2023-2728	<0:1.27.0-2.1.el9
H CVE-2023-2727	<0:1.27.0-2.1.el9
H Resource Exhaustion	<0:1.27.0-2.1.el9
H Memory Leak	<0:1.26.0-4.2.el9
H Resource Exhaustion	<0:1.27.0-3.2.el9
H Improper Handling of Highly Compressed Data (Data Amplification)	<0:1.27.0-3.1.el9
H Memory Leak	<0:1.27.0-3.2.el9
H Improper Handling of Highly Compressed Data (Data Amplification)	<0:1.25.0-2.2.el9
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:1.25.0-2.2.el9
H Memory Leak	<0:1.25.0-2.2.el9
H Improper Handling of Highly Compressed Data (Data Amplification)	<0:1.28.0-3.1.el9
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:1.28.0-3.1.el9
H Memory Leak	<0:1.28.0-3.1.el9
H Improper Certificate Validation	<0:1.29.0-3.1.el9
H Improper Input Validation	<0:1.29.0-3.1.el9
H Truncation of Security-relevant Information	<0:1.28.0-3.el9
H Information Exposure	<0:1.28.0-3.el9
H Resource Exhaustion	<0:1.28.0-3.el9
H Resource Exhaustion	<0:1.28.0-3.el9
H Arbitrary Code Injection	<0:1.26.0-2.el9
M Information Exposure	<0:1.28.0-3.el9
M Allocation of Resources Without Limits or Throttling	*
M Allocation of Resources Without Limits or Throttling	*
H Resource Exhaustion	<0:1.27.0-2.1.el9
H Resource Exhaustion	<0:1.27.0-2.1.el9
M Buffer Access with Incorrect Length Value	<0:1.27.0-2.1.el9
M Cross-site Scripting (XSS)	<0:1.27.0-2.1.el9
M Allocation of Resources Without Limits or Throttling	<0:1.27.0-2.1.el9
M Cross-site Scripting (XSS)	<0:1.27.0-2.1.el9
M Resource Exhaustion	<0:1.27.0-2.1.el9
H Directory Traversal	<0:1.26.0-2.el9
H Improper Handling of Unicode Encoding	<0:1.26.0-2.el9
H Improper Handling of Unicode Encoding	<0:1.26.0-2.el9
H Improper Handling of Unicode Encoding	<0:1.26.0-2.el9
H Improper Handling of Unicode Encoding	<0:1.26.0-2.el9
H Improper Handling of Unicode Encoding	<0:1.26.0-2.el9
H Resource Exhaustion	<0:1.26.0-2.el9
H Resource Exhaustion	<0:1.26.0-2.el9
M Improper Certificate Validation	<0:1.25.0-2.el9
M Incorrect Default Permissions	<0:1.25.0-2.el9
M Improper Initialization	<0:1.25.0-2.el9
M Server-Side Request Forgery (SSRF)	<0:1.25.0-2.el9
M Directory Traversal	<0:1.25.0-2.el9
M Improper Access Control	<0:1.25.0-2.el9
M Resource Exhaustion	<0:1.25.0-2.el9
M Improper Validation of Array Index	*
H Resource Exhaustion	<0:1.26.0-2.el9
H Resource Exhaustion	<0:1.26.0-2.el9
H Resource Exhaustion	*
M Algorithmic Complexity	*
M CVE-2022-41715	<0:1.25.0-2.el9
M CVE-2022-41715	<0:1.25.0-2.el9
M Allocation of Resources Without Limits or Throttling	<0:1.25.0-2.el9
M HTTP Request Smuggling	<0:1.25.0-2.el9
M HTTP Request Smuggling	<0:1.25.0-2.el9
M Directory Traversal	<0:1.25.0-2.el9
M Resource Exhaustion	<0:1.25.0-2.el9
M Resource Exhaustion	<0:1.25.0-2.el9
M Information Exposure	<0:1.25.0-2.el9
M Improperly Controlled Sequential Memory Allocation	<0:1.25.0-2.el9
M HTTP Request Smuggling	<0:1.25.0-2.el9
L Insufficient Entropy	*
M Integer Overflow or Wraparound	*
M Buffer Overflow	*
H Use of a Broken or Risky Cryptographic Algorithm	<0:1.26.0-2.el9
H Use of a Broken or Risky Cryptographic Algorithm	<0:1.26.0-2.el9
M Resource Exhaustion	*
M Unchecked Return Value	*
M Incorrect Privilege Assignment	*
M Integer Overflow or Wraparound	*
M Information Exposure	*
M Race Condition	*
L Improper Input Validation	*
M Resource Exhaustion	*
M Improper Input Validation	*
M Improper Input Validation	*
M Incorrect Calculation	*
M Improper Certificate Validation	*
L Race Condition	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
M HTTP Request Smuggling	*
H Resource Exhaustion	*
H Resource Exhaustion	*
L Improper Input Validation	*
L Allocation of Resources Without Limits or Throttling	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*

Vulnerability

Vulnerable Version

NULL Pointer Dereference