{"id":"GO-2025-4108","summary":"containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd","details":"containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd","aliases":["CVE-2025-64329","GHSA-m6hq-p25p-ffr2"],"modified":"2026-03-17T05:05:38.087861Z","published":"2025-11-17T19:11:23Z","related":["CGA-7jqj-8457-jm46"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-4108"},"references":[{"type":"ADVISORY","url":"https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64329"},{"type":"FIX","url":"https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df"}],"affected":[{"package":{"name":"github.com/containerd/containerd","ecosystem":"Go","purl":"pkg:golang/github.com/containerd/containerd"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.7.29"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-4108.json"}},{"package":{"name":"github.com/containerd/containerd/v2","ecosystem":"Go","purl":"pkg:golang/github.com/containerd/containerd/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.0.7"},{"introduced":"2.1.0-beta.0"},{"fixed":"2.1.5"},{"introduced":"2.2.0-beta.0"},{"fixed":"2.2.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-4108.json"}}],"schema_version":"1.7.5"}