github.com/opencontainers/umoci is vulnerable to Uncontrolled Resource Consumption
10
Low Risk
Affected versions of this package are vulnerable to a Denial-of-Service (DoS) attack because they implicitly allowed the creation of image descriptors with a negative or unknown size. An attacker could exploit this by supplying a maliciously crafted image manifest containing such a descriptor; when processed, it would cause an infinite read loop or excessive resource consumption and ultimately crash the application. The flaw stems from an overly permissive interpretation of the specification, which has since been clarified to explicitly disallow unknown sizes for most descriptors, as they are a classic DoS vector.
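The defensive check this advisory implies, as an added example in Go rather than umoci's own code: the descriptor size is validated before it is used as a read bound, and the blob is then read with a hard limit so a bad size can neither loop forever nor consume unbounded memory. The `Descriptor` type and the use of -1 as the "unknown size" sentinel are assumptions of this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

// Descriptor is constructed for this example (not umoci's type); only Size matters here.
type Descriptor struct{ Size int64 }

var (
	ErrUnknownSize  = errors.New("descriptor size is unknown (-1)")
	ErrNegativeSize = errors.New("descriptor size is negative")
	ErrSizeMismatch = errors.New("blob length does not match descriptor size")
)

// ValidateSize rejects any size that cannot serve as a finite read bound.
// -1 is taken here as the "unknown size" sentinel (an assumption of this example).
func ValidateSize(d Descriptor) error {
	switch {
	case d.Size == -1:
		return ErrUnknownSize
	case d.Size < 0:
		return ErrNegativeSize
	}
	return nil
}

// ReadBlob reads exactly d.Size bytes; the Size+1 limit catches an over-long blob without draining r.
func ReadBlob(r io.Reader, d Descriptor) ([]byte, error) {
	if err := ValidateSize(d); err != nil {
		return nil, err
	}
	buf, err := io.ReadAll(io.LimitReader(r, d.Size+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) != d.Size {
		return nil, fmt.Errorf("%w: got %d, want %d", ErrSizeMismatch, len(buf), d.Size)
	}
	return buf, nil
}

func main() {
	blob := []byte("constructed blob payload") // constructed sample input
	_, err := ReadBlob(bytes.NewReader(blob), Descriptor{Size: -1})
	fmt.Println("unknown-size descriptor rejected:", err)
}
```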
You are affected if you are using a version that falls within the vulnerable range.
github.com/opencontainers/umoci is vulnerable to Uncontrolled Resource Consumption in versions 0.4.4 - 0.5.0.
Upgrade the github.com/opencontainers/umoci library to a patched version.