{"id":"CVE-2024-40635","summary":"containerd has an integer overflow in User ID handling","details":"containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.","aliases":["GHSA-265r-hfxg-fhmg","GO-2025-3528"],"modified":"2026-04-16T04:32:26.417589228Z","published":"2025-03-17T21:32:37.894Z","related":["CGA-2ffc-vqv2-m9xj","SUSE-SU-2025:1345-1","SUSE-SU-2025:1346-1","SUSE-SU-2025:20216-1","SUSE-SU-2025:20459-1","openSUSE-SU-2025:14910-1","openSUSE-SU-2025:15039-1","openSUSE-SU-2025:15169-1"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-190"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40635.json"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40635.json"},{"type":"ADVISORY","url":"https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40635"},{"type":"FIX","url":"https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da"},{"type":"FIX","url":"https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20"},{"type":"FIX","url":"https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a"}],"affected":[{"ranges":[{"type":"GIT","repo"
:"https://github.com/containerd/containerd","events":[{"introduced":"0"},{"fixed":"cf158e884cfe4812a6c371b59e4ea9bc4c46e51a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.6.38"}]}},{"type":"GIT","repo":"https://github.com/containerd/containerd","events":[{"introduced":"d878d7dda8d97f7f9d1d50b4a5d36d2d8fae9162"},{"fixed":"05044ec0a9a75232cad458027ca83437aae3f4da"}],"database_specific":{"versions":[{"introduced":"1.7.0-beta.0"},{"fixed":"1.7.27"}]}},{"type":"GIT","repo":"https://github.com/containerd/containerd","events":[{"introduced":"de55dfc0f184aa6ed19de4dc02a3a4bae3476c88"},{"fixed":"1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20"}],"database_specific":{"versions":[{"introduced":"2.0.0-beta.0"},{"fixed":"2.0.4"}]}}],"versions":["0.0.2","0.0.3","0.0.4","0.0.5","api/v1.6.0-beta.1","api/v1.6.0-beta.2","api/v1.6.0-beta.3","api/v1.7.19","api/v1.8.0","api/v1.8.0-rc.0","api/v1.8.0-rc.1","api/v1.8.0-rc.2","api/v1.8.0-rc.3","api/v1.8.0-rc.4","v0.2.0","v1.0.0","v1.0.0-alpha0","v1.0.0-alpha1","v1.0.0-alpha2","v1.0.0-alpha3","v1.0.0-alpha4","v1.0.0-alpha5","v1.0.0-alpha6","v1.0.0-beta.0","v1.0.0-beta.1","v1.0.0-beta.2","v1.0.0-beta.3","v1.0.0-rc.0","v1.1.0","v1.1.0-rc.0","v1.1.0-rc.1","v1.1.0-rc.2","v1.2.0","v1.2.0-beta.0","v1.2.0-beta.1","v1.2.0-beta.2","v1.2.0-rc.0","v1.2.0-rc.1","v1.2.0-rc.2","v1.3.0","v1.3.0-beta.0","v1.3.0-beta.1","v1.3.0-beta.2","v1.3.0-rc.0","v1.3.0-rc.1","v1.3.0-rc.2","v1.3.0-rc.3","v1.4.0","v1.4.0-beta.0","v1.4.0-beta.1","v1.4.0-beta.2","v1.4.0-rc.0","v1.4.0-rc.1","v1.5.0","v1.5.0-beta.0","v1.5.0-beta.1","v1.5.0-beta.2","v1.5.0-beta.3","v1.5.0-beta.4","v1.5.0-rc.0","v1.5.0-rc.1","v1.5.0-rc.2","v1.5.0-rc.3","v1.6.0","v1.6.0-beta.0","v1.6.0-beta.1","v1.6.0-beta.2","v1.6.0-beta.3","v1.6.0-beta.4","v1.6.0-beta.5","v1.6.0-rc.0","v1.6.0-rc.1","v1.6.0-rc.2","v1.6.0-rc.3","v1.6.0-rc.4","v1.6.1","v1.6.10","v1.6.11","v1.6.12","v1.6.13","v1.6.14","v1.6.15","v1.6.16","v1.6.17","v1.6.18","v1.6.19","v1.6.2","v1.6.20","v1.6.21","v1.6.22","v1.6.23","v
1.6.24","v1.6.25","v1.6.26","v1.6.27","v1.6.28","v1.6.29","v1.6.3","v1.6.30","v1.6.31","v1.6.32","v1.6.33","v1.6.34","v1.6.35","v1.6.36","v1.6.37","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.9","v1.7.0","v1.7.0-beta.0","v1.7.0-beta.1","v1.7.0-beta.2","v1.7.0-beta.3","v1.7.0-beta.4","v1.7.0-rc.0","v1.7.0-rc.1","v1.7.0-rc.2","v1.7.0-rc.3","v1.7.1","v1.7.10","v1.7.11","v1.7.12","v1.7.13","v1.7.14","v1.7.15","v1.7.16","v1.7.17","v1.7.18","v1.7.19","v1.7.2","v1.7.20","v1.7.21","v1.7.22","v1.7.23","v1.7.24","v1.7.25","v1.7.26","v1.7.3","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v2.0.0","v2.0.0-beta.0","v2.0.0-beta.1","v2.0.0-beta.2","v2.0.0-rc.0","v2.0.0-rc.1","v2.0.0-rc.2","v2.0.0-rc.3","v2.0.0-rc.4","v2.0.0-rc.5","v2.0.0-rc.6","v2.0.1","v2.0.2","v2.0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40635.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"}]}