Multiple vulnerabilities were discovered in containerd, an open-source container runtime used by, for example, Docker and Kubernetes.
CVE-2024-25621
Overly broad default permission vulnerability. Directory paths
`/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri`
and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were
all created with incorrect permissions.
CVE-2025-64329
Bug in the CRI Attach implementation where a user can exhaust memory
on the host due to goroutine leaks.
1.4.13~ds1-1~deb11u6
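
For the three directories listed under CVE-2024-25621, a host-side permission audit can look like the following. This is an added example, not part of the advisory or of containerd; it assumes GNU `stat` and treats any group or other permission bit as too broad, a threshold the advisory itself does not state. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# Assumption: "too broad" means any group or other permission bit is set.

# mode_is_owner_only OCTAL_MODE: succeeds when group and other get no access.
mode_is_owner_only() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# check_dir PATH: 0 = owner-only or absent, 1 = group/other access, 2 = stat failed.
check_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "SKIP  $dir (not present)"
        return 0
    fi
    mode=$(stat -L -c '%a' "$dir") || { echo "ERROR $dir (stat failed)"; return 2; }
    if mode_is_owner_only "$mode"; then
        echo "OK    $dir mode=$mode"
        return 0
    fi
    echo "BROAD $dir mode=$mode"
    return 1
}

# audit_dirs PATH...: checks every path, returns 1 if any check did not pass.
audit_dirs() {
    rc=0
    for d in "$@"; do
        check_dir "$d" || rc=1
    done
    return "$rc"
}

# The three directories named in the CVE-2024-25621 description.
audit_dirs \
    /var/lib/containerd \
    /run/containerd/io.containerd.grpc.v1.cri \
    /run/containerd/io.containerd.sandbox.controller.v1.shim \
    || echo "review the directories not reported as OK or SKIP" >&2
```

Directories created before the package upgrade keep whatever mode they already had on disk, so the audit is worth running after upgrading as well as before.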