Integer Overflow or Wraparound in kots-compat | CVE-2024-40635

Threat Intelligence

0.06% (20^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Integer Overflow or Wraparound vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-CHAINGUARDLATEST-KOTSCOMPAT-14913054
published12 Jan 2026
disclosed17 Mar 2025

Report a new vulnerability Found a mistake?

Introduced: 17 Mar 2025

CVE-2024-40635 (opens in a new tab) CWE-190 (opens in a new tab)

Amendment

The Chainguard security team deemed this advisory irrelevant for Chainguard:latest.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kots-compat package and not the kots-compat package as distributed by Chainguard.

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Integer Overflow or Wraparound The advisory has been revoked - it doesn't affect any version of package kots-compat (opens in a new tab)