DEBIAN-CVE-2025-64329

DEBIAN-CVE-2025-64329 PUBLISHED CVSS 5.5 MEDIUM

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	containerd	0, 1.7.24, 0
Debian:12	containerd	1.6.20, 1.7.24~ds1-10, 1.7.24~ds1-2
Debian:14	containerd	0, 1.7.24, 1.7.24
Debian:11	containerd	1.4.5, 1.4.5, *

Exploit Intelligence

glcve_test.go (github-poc)

Timeline

Nov 7, 2025 CVE Published
May 16, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-64329 advisory

Open in Interactive Console →