GHSA-xhf5-7wjv-pqxp
containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
Details
### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations.
### Patches This bug has been fixed in the following containerd versions:
* 2.3.2 * 2.2.5 * 2.1.9 * 2.0.10 * 1.7.33
Users should update to these versions to resolve the issue.
### Workarounds Ensure that only trusted images are used.
### Credits The containerd project would like to thank Anthropic Research, in collaboration with Claude, the GKE Security Team using Gemini, and Robert Prast (@robertprast) for independently discovering and responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose) * Email us at [security@containerd.io](mailto:security@containerd.io)
To report a security issue in containerd: * [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new) * Email us at [security@containerd.io](mailto:security@containerd.io)
Are you affected?
Enter the version of the package you're using.
Affected packages
1.7.0 Fixed in: 1.7.33 go get github.com/containerd/containerd@v1.7.33 2.0.0 Fixed in: 2.0.10 go get github.com/containerd/containerd/v2@v2.0.10 2.1.0 Fixed in: 2.1.9 go get github.com/containerd/containerd/v2@v2.1.9 2.2.0 Fixed in: 2.2.5 go get github.com/containerd/containerd/v2@v2.2.5 2.3.0 Fixed in: 2.3.2 go get github.com/containerd/containerd/v2@v2.3.2