{
  "verdict": "no_bypass_found",
  "variant_confirmed": false,
  "bypass_confirmed": false,
  "alternate_trigger_on_vulnerable_confirmed": true,
  "candidate_id": "digest_rootfsImageRef_tag_poisoning",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "tested_vulnerable_target": {
    "target_kind": "release_binary",
    "version": "2.2.2",
    "display": "containerd github.com/containerd/containerd/v2 v2.2.2 301b2dac98f15c27117da5c8af12118a041a31d9",
    "commit_sha": "301b2dac98f15c27117da5c8af12118a041a31d9",
    "source_tag_commit_sha": "116b799b27bcb69462e26db2d70c4823211befeb"
  },
  "tested_fixed_target": {
    "target_kind": "release_binary",
    "version": "2.2.5",
    "display": "containerd github.com/containerd/containerd/v2 v2.2.5 e53c7c1516c3b2bff98eb76f1f4117477e6f4e66",
    "commit_sha": "e53c7c1516c3b2bff98eb76f1f4117477e6f4e66",
    "source_tag_commit_sha": "bafc09e8fb5c3d754f57a77cd0b1fc6b7919834d"
  },
  "latest_fixed_source_context": {
    "version": "2.3.2",
    "source_tag_commit_sha": "c2be8504d753b8e360526e405e27c4164595daf6",
    "runtime_tested": false,
    "notes": "v2.3.2 source tag identity was recorded for patch context; runtime testing focused on the ticket's fixed 2.2 branch release v2.2.5."
  },
  "attacker_controlled_input": "checkpoint archive config.dump rootfsImageRef=localhost:5000/attacker-digest@sha256:6015e02e94c8a0760f2ec65a62684d1ee6fb84925e68386f83e912ef8f9431af and rootfsImageName=localhost:5000/victim-digest:stable",
  "trigger_path": "CRI CreateContainer checkpoint import followed by CRI CreateContainer/StartContainer for victim-digest:stable",
  "observed_impact_class_vulnerable": "code_execution",
  "observed_impact_class_fixed": "blocked_no_code_execution",
  "exploitability_confidence": "high_on_vulnerable_versions",
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "high",
  "end_to_end_target_reached": true,
  "fixed_version_target_reached": true,
  "blocking_mitigation": "containerd v2.2.5 removes the CRImportCheckpoint image-service retagging block, so untrusted RootfsImageName is not created as a local image tag even when RootfsImageRef is a digest reference and the base image is pulled.",
  "claim_block_reason": "fixed_version_blocks_candidate",
  "repro_script_exit_code": 1,
  "script_exit_code_meaning": "exit 1 is expected for this negative-bypass outcome; the script ran fully twice and found no fixed-version bypass",
  "artifact_refs": {
    "reproducer": "bundle/vuln_variant/reproduction_steps.sh",
    "runtime_manifest": "bundle/vuln_variant/runtime_manifest.json",
    "repro_log": "bundle/logs/vuln_variant/reproduction_steps.log",
    "summary": "bundle/logs/vuln_variant/digest_variant_summary.txt",
    "vulnerable_evidence": "bundle/logs/vuln_variant/vulnerable_v222_digest_variant_evidence.txt",
    "fixed_evidence": "bundle/logs/vuln_variant/fixed_v225_digest_variant_evidence.txt",
    "source_identity_discovery": "bundle/logs/vuln_variant/source_identity_discovery.txt"
  },
  "inferred": false
}
