<p>Upgrade <code>Wolfi</code> <code>ctop</code> to version 0.7.7-r13 or higher.</p>

Resource Exhaustion Affecting ctop package, versions <0.7.7-r13

Threat Intelligence

0.05% (16^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-WOLFILATEST-CTOP-6597023
published 11 Apr 2024
disclosed 9 Jun 2022

Report a new vulnerability Found a mistake?

Introduced: 9 Jun 2022

CVE-2022-31030 Open this link in a new tab CWE-400 Open this link in a new tab

How to fix?

Upgrade Wolfi ctop to version 0.7.7-r13 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream ctop package and not the ctop package as distributed by Wolfi. See How to fix? for Wolfi relevant fixed versions and status.

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; ExecSync may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Local
Attack Complexity (AC)

Low
Privileges Required (PR)

Low
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

None
Availability (A)

High