x/vulndb: potential Go vuln in github.com/containerd/containerd: GHSA-c9cp-9c75-9v8c

[GoVulnBot]

In GitHub Security Advisory GHSA-c9cp-9c75-9v8c, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/containerd/containerd	1.6.2	>= 1.6.0, < 1.6.2

Cross references:

• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: CVE-2021-43816 #278 EFFECTIVELY_PRIVATE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: CVE-2022-23648 #344 EFFECTIVELY_PRIVATE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: GHSA-5j5w-g665-5m35 #360 EFFECTIVELY_PRIVATE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: CVE-2022-31030 #482 EFFECTIVELY_PRIVATE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd/cmd: GHSA-36xw-fx78-c5r4 #784 NOT_IMPORTABLE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: GHSA-742w-89gc-8m9c #803 NOT_IMPORTABLE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: CVE-2021-32760, GHSA-c72p-9xmj-rx3w #921 NOT_IMPORTABLE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: CVE-2021-41103, GHSA-c2h3-6mxw-7mvq #938 NOT_IMPORTABLE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: CVE-2022-23471 #1147 EFFECTIVELY_PRIVATE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: CVE-2021-21334 #2321 LEGACY_FALSE_POSITIVE
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: GHSA-259w-8hf6-59c2 #1573
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: GHSA-259w-8hf6-59c2 #1573
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: GHSA-hmfx-3pcx-653p #1574
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: GHSA-hmfx-3pcx-653p #1574
• Module github.com/containerd/containerd appears in issue x/vulndb: potential Go vuln in github.com/containerd/containerd: GHSA-7ww5-4wqc-m92c #2412

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/containerd/containerd
      versions:
        - fixed: 1.5.11
        - introduced: 1.6.0
          fixed: 1.6.2
      vulnerable_at: 1.6.1
      packages:
        - package: github.com/containerd/containerd
summary: containerd started with non-empty inheritable Linux process capabilities in github.com/containerd/containerd
ghsas:
    - GHSA-c9cp-9c75-9v8c
references:
    - advisory: https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
source:
    id: GHSA-c9cp-9c75-9v8c

[gopherbot]

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports

[gopherbot]

Change https://go.dev/cl/595999 mentions this issue: data/reports: review 7 reports