Resource Exhaustion Affecting docker package, versions <20.10.17_ce-150000.166.1


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.05% (16th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Resource Exhaustion vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-SLES150-DOCKER-2946633
  • published10 Jul 2022
  • disclosed8 Jul 2022

Introduced: 8 Jul 2022

CVE-2022-31030  (opens in a new tab)
CWE-400  (opens in a new tab)

How to fix?

Upgrade SLES:15.0 docker to version 20.10.17_ce-150000.166.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream docker package and not the docker package as distributed by SLES. See How to fix? for SLES:15.0 relevant fixed versions and status.

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; ExecSync may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.

CVSS Scores

version 3.1