{
  "id": "CVE-2024-40635",
  "summary": "containerd has an integer overflow in User ID handling",
  "details": "containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.",
  "aliases": ["GHSA-265r-hfxg-fhmg", "GO-2025-3528"],
  "modified": "2026-05-18T05:58:54.545175819Z",
  "published": "2025-03-17T21:32:37.894Z",
  "related": [
    "CGA-2ffc-vqv2-m9xj",
    "SUSE-SU-2025:1345-1",
    "SUSE-SU-2025:1346-1",
    "SUSE-SU-2025:20216-1",
    "SUSE-SU-2025:20459-1",
    "openSUSE-SU-2025:14910-1",
    "openSUSE-SU-2025:15039-1",
    "openSUSE-SU-2025:15169-1"
  ],
  "database_specific": {
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40635.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": ["CWE-190"]
  },
  "references": [
    {"type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html"},
    {"type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40635.json"},
    {"type": "ADVISORY", "url": "https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40635"},
    {"type": "FIX", "url": "https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da"},
    {"type": "FIX", "url": "https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20"},
    {"type": "FIX", "url": "https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a"}
  ],
  "affected": [
    {
      "ranges": [
        {
          "type": "GIT",
          "repo": "https://github.com/containerd/containerd",
          "events": [
            {"introduced": "de55dfc0f184aa6ed19de4dc02a3a4bae3476c88"},
            {"fixed": "1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20"}
          ]
        }
      ],
      "versions": [
        "v2.0.3", "v2.0.2", "v2.0.1", "v2.0.0", "api/v1.8.0",
        "v2.0.0-rc.6", "api/v1.8.0-rc.4", "v2.0.0-rc.5", "api/v1.8.0-rc.3",
        "v2.0.0-rc.4", "v2.0.0-rc.3", "api/v1.8.0-rc.2", "api/v1.8.0-rc.1",
        "v2.0.0-rc.2", "api/v1.8.0-rc.0", "v2.0.0-rc.1", "v2.0.0-rc.0",
        "v2.0.0-beta.2", "v2.0.0-beta.1", "v2.0.0-beta.0"
      ],
      "database_specific": {
        "source": "https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40635.json"
      }
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"}
  ]
}