Integer Overflow or Wraparound Affecting github.com/containerd/containerd/v2/pkg/oci package, versions <2.0.4
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-GOLANG-GITHUBCOMCONTAINERDCONTAINERDV2PKGOCI-9479987
- published18 Mar 2025
- disclosed17 Mar 2025
- creditBenjamin Koltermann, emxll
Introduced: 17 Mar 2025
NewCVE-2024-40635 Â (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade github.com/containerd/containerd/v2/pkg/oci to version 2.0.4 or higher.
Overview
Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the WithUser() function, when handling large User ID values. If a UID:GID value provided is larger than MaxInt32, it can overflow to 0 and be treated as root. This allows a user to escalate privileges on the system in which the container is running.