csaf_opensuse - opensuse-su-2024:11358-1

opensuse-su-2024:11358-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

runc-1.0.2-1.2 on GA media

Notes

Title of the patch

runc-1.0.2-1.2 on GA media

Description of the patch

These are all security issues fixed in the runc-1.0.2-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11358

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "runc-1.0.2-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the runc-1.0.2-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11358",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11358-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9962 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9962/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16873 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16873/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16874 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16874/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16875 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16875/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-16884 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-16884/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19921 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19921/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-5736 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-5736/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-30465 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-30465/"
      }
    ],
    "title": "runc-1.0.2-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11358-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.0.2-1.2.aarch64",
                "product": {
                  "name": "runc-1.0.2-1.2.aarch64",
                  "product_id": "runc-1.0.2-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.0.2-1.2.ppc64le",
                "product": {
                  "name": "runc-1.0.2-1.2.ppc64le",
                  "product_id": "runc-1.0.2-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.0.2-1.2.s390x",
                "product": {
                  "name": "runc-1.0.2-1.2.s390x",
                  "product_id": "runc-1.0.2-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.0.2-1.2.x86_64",
                "product": {
                  "name": "runc-1.0.2-1.2.x86_64",
                  "product_id": "runc-1.0.2-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.0.2-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64"
        },
        "product_reference": "runc-1.0.2-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.0.2-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le"
        },
        "product_reference": "runc-1.0.2-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.0.2-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x"
        },
        "product_reference": "runc-1.0.2-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.0.2-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
        },
        "product_reference": "runc-1.0.2-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-9962",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9962"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "RunC allowed additional container processes via \u0027runc exec\u0027 to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9962",
          "url": "https://www.suse.com/security/cve/CVE-2016-9962"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1012568 for CVE-2016-9962",
          "url": "https://bugzilla.suse.com/1012568"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173425 for CVE-2016-9962",
          "url": "https://bugzilla.suse.com/1173425"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9962"
    },
    {
      "cve": "CVE-2018-16873",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16873"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16873",
          "url": "https://www.suse.com/security/cve/CVE-2018-16873"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118897 for CVE-2018-16873",
          "url": "https://bugzilla.suse.com/1118897"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118898 for CVE-2018-16873",
          "url": "https://bugzilla.suse.com/1118898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118899 for CVE-2018-16873",
          "url": "https://bugzilla.suse.com/1118899"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-16873"
    },
    {
      "cve": "CVE-2018-16874",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16874"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16874",
          "url": "https://www.suse.com/security/cve/CVE-2018-16874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118897 for CVE-2018-16874",
          "url": "https://bugzilla.suse.com/1118897"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118898 for CVE-2018-16874",
          "url": "https://bugzilla.suse.com/1118898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118899 for CVE-2018-16874",
          "url": "https://bugzilla.suse.com/1118899"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-16874"
    },
    {
      "cve": "CVE-2018-16875",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16875"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16875",
          "url": "https://www.suse.com/security/cve/CVE-2018-16875"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118897 for CVE-2018-16875",
          "url": "https://bugzilla.suse.com/1118897"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118898 for CVE-2018-16875",
          "url": "https://bugzilla.suse.com/1118898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118899 for CVE-2018-16875",
          "url": "https://bugzilla.suse.com/1118899"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-16875"
    },
    {
      "cve": "CVE-2019-16884",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-16884"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-16884",
          "url": "https://www.suse.com/security/cve/CVE-2019-16884"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1152308 for CVE-2019-16884",
          "url": "https://bugzilla.suse.com/1152308"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-16884"
    },
    {
      "cve": "CVE-2019-19921",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19921"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19921",
          "url": "https://www.suse.com/security/cve/CVE-2019-19921"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160452 for CVE-2019-19921",
          "url": "https://bugzilla.suse.com/1160452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208962 for CVE-2019-19921",
          "url": "https://bugzilla.suse.com/1208962"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-19921"
    },
    {
      "cve": "CVE-2019-5736",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-5736"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-5736",
          "url": "https://www.suse.com/security/cve/CVE-2019-5736"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1121967 for CVE-2019-5736",
          "url": "https://bugzilla.suse.com/1121967"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122185 for CVE-2019-5736",
          "url": "https://bugzilla.suse.com/1122185"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173421 for CVE-2019-5736",
          "url": "https://bugzilla.suse.com/1173421"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218894 for CVE-2019-5736",
          "url": "https://bugzilla.suse.com/1218894"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-5736"
    },
    {
      "cve": "CVE-2021-30465",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-30465"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
          "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-30465",
          "url": "https://www.suse.com/security/cve/CVE-2021-30465"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185405 for CVE-2021-30465",
          "url": "https://bugzilla.suse.com/1185405"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189161 for CVE-2021-30465",
          "url": "https://bugzilla.suse.com/1189161"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
            "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-30465"
    }
  ]
}

CVE-2016-9962 (GCVE-0-2016-9962)

Vulnerability from cvelistv5

Published

2017-01-31 22:00

Modified

2024-08-06 03:07

Severity ?

CWE

Summary

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

References

►

URL

Tags

	http://www.securityfocus.com/bid/95361	vdb-entry, x_refsource_BID
	https://github.com/docker/docker/releases/tag/v1.12.6	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0116.html	vendor-advisory, x_refsource_REDHAT
	http://seclists.org/fulldisclosure/2017/Jan/29	mailing-list, x_refsource_FULLDISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201701-34	vendor-advisory, x_refsource_GENTOO
	http://rhn.redhat.com/errata/RHSA-2017-0123.html	vendor-advisory, x_refsource_REDHAT
	https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0127.html	vendor-advisory, x_refsource_REDHAT
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/security/vulnerabilities/cve-2016-9962	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/archive/1/540001/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2017/Jan/21	mailing-list, x_refsource_FULLDISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95361",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95361"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/docker/docker/releases/tag/v1.12.6"
          },
          {
            "name": "RHSA-2017:0116",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html"
          },
          {
            "name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jan/29"
          },
          {
            "name": "FEDORA-2017-fcd02e2c2d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"
          },
          {
            "name": "GLSA-201701-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-34"
          },
          {
            "name": "RHSA-2017:0123",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"
          },
          {
            "name": "RHSA-2017:0127",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html"
          },
          {
            "name": "FEDORA-2017-c2c2d1be16",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962"
          },
          {
            "name": "FEDORA-2017-dbc2b618eb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/"
          },
          {
            "name": "FEDORA-2017-0200646669",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/"
          },
          {
            "name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded"
          },
          {
            "name": "20170110 Docker 1.12.6 - Security Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jan/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "RunC allowed additional container processes via \u0027runc exec\u0027 to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "95361",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95361"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/docker/docker/releases/tag/v1.12.6"
        },
        {
          "name": "RHSA-2017:0116",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html"
        },
        {
          "name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jan/29"
        },
        {
          "name": "FEDORA-2017-fcd02e2c2d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"
        },
        {
          "name": "GLSA-201701-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-34"
        },
        {
          "name": "RHSA-2017:0123",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"
        },
        {
          "name": "RHSA-2017:0127",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html"
        },
        {
          "name": "FEDORA-2017-c2c2d1be16",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962"
        },
        {
          "name": "FEDORA-2017-dbc2b618eb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/"
        },
        {
          "name": "FEDORA-2017-0200646669",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/"
        },
        {
          "name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded"
        },
        {
          "name": "20170110 Docker 1.12.6 - Security Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jan/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RunC allowed additional container processes via \u0027runc exec\u0027 to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95361",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95361"
            },
            {
              "name": "https://github.com/docker/docker/releases/tag/v1.12.6",
              "refsource": "CONFIRM",
              "url": "https://github.com/docker/docker/releases/tag/v1.12.6"
            },
            {
              "name": "RHSA-2017:0116",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html"
            },
            {
              "name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Jan/29"
            },
            {
              "name": "FEDORA-2017-fcd02e2c2d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"
            },
            {
              "name": "GLSA-201701-34",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-34"
            },
            {
              "name": "RHSA-2017:0123",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html"
            },
            {
              "name": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5",
              "refsource": "CONFIRM",
              "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"
            },
            {
              "name": "RHSA-2017:0127",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html"
            },
            {
              "name": "FEDORA-2017-c2c2d1be16",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962"
            },
            {
              "name": "FEDORA-2017-dbc2b618eb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/"
            },
            {
              "name": "FEDORA-2017-0200646669",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/"
            },
            {
              "name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded"
            },
            {
              "name": "20170110 Docker 1.12.6 - Security Advisory",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Jan/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9962",
    "datePublished": "2017-01-31T22:00:00",
    "dateReserved": "2016-12-15T00:00:00",
    "dateUpdated": "2024-08-06T03:07:31.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-16884 (GCVE-0-2019-16884)

Vulnerability from cvelistv5

Published

2019-09-25 00:00

Modified

2024-08-05 01:24

Severity ?

CWE

Summary

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

References

►

URL

Tags

	https://github.com/opencontainers/runc/issues/2128
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2019:3940	vendor-advisory
	https://access.redhat.com/errata/RHSA-2019:4074	vendor-advisory
	https://access.redhat.com/errata/RHSA-2019:4269	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html	vendor-advisory
	https://security.gentoo.org/glsa/202003-21	vendor-advisory
	https://usn.ubuntu.com/4297-1/	vendor-advisory
	https://security.netapp.com/advisory/ntap-20220221-0004/
	https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/issues/2128"
          },
          {
            "name": "FEDORA-2019-bd4843561c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/"
          },
          {
            "name": "FEDORA-2019-3fc86a518b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/"
          },
          {
            "name": "FEDORA-2019-96946c39dd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/"
          },
          {
            "name": "openSUSE-SU-2019:2418",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2019:2434",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html"
          },
          {
            "name": "RHSA-2019:3940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3940"
          },
          {
            "name": "RHSA-2019:4074",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4074"
          },
          {
            "name": "RHSA-2019:4269",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4269"
          },
          {
            "name": "openSUSE-SU-2020:0045",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html"
          },
          {
            "name": "GLSA-202003-21",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-21"
          },
          {
            "name": "USN-4297-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4297-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220221-0004/"
          },
          {
            "name": "[debian-lts-announce] 20230218 [SECURITY] [DLA 3322-1] golang-github-opencontainers-selinux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html"
          },
          {
            "name": "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-27T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/opencontainers/runc/issues/2128"
        },
        {
          "name": "FEDORA-2019-bd4843561c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/"
        },
        {
          "name": "FEDORA-2019-3fc86a518b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/"
        },
        {
          "name": "FEDORA-2019-96946c39dd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/"
        },
        {
          "name": "openSUSE-SU-2019:2418",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html"
        },
        {
          "name": "openSUSE-SU-2019:2434",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html"
        },
        {
          "name": "RHSA-2019:3940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3940"
        },
        {
          "name": "RHSA-2019:4074",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4074"
        },
        {
          "name": "RHSA-2019:4269",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4269"
        },
        {
          "name": "openSUSE-SU-2020:0045",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html"
        },
        {
          "name": "GLSA-202003-21",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202003-21"
        },
        {
          "name": "USN-4297-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4297-1/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220221-0004/"
        },
        {
          "name": "[debian-lts-announce] 20230218 [SECURITY] [DLA 3322-1] golang-github-opencontainers-selinux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html"
        },
        {
          "name": "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16884",
    "datePublished": "2019-09-25T00:00:00",
    "dateReserved": "2019-09-25T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16874 (GCVE-0-2018-16874)

Vulnerability from cvelistv5

Published

2018-12-14 14:00

Modified

2024-08-05 10:32

Severity ?

6.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-20

Summary

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201812-09	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16874	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/106228	vdb-entry, x_refsource_BID
	https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	golang	Version: 1.10.6 Version: 1.11.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201812-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201812-09"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16874"
          },
          {
            "name": "106228",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106228"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
          },
          {
            "name": "openSUSE-SU-2019:1079",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
          },
          {
            "name": "openSUSE-SU-2019:1444",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
          },
          {
            "name": "openSUSE-SU-2019:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2019:1506",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
          },
          {
            "name": "openSUSE-SU-2019:1703",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2020:0554",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "golang",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "1.10.6"
            },
            {
              "status": "affected",
              "version": "1.11.3"
            }
          ]
        }
      ],
      "datePublic": "2018-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-13T20:06:29",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201812-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201812-09"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16874"
        },
        {
          "name": "106228",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106228"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
        },
        {
          "name": "openSUSE-SU-2019:1079",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
        },
        {
          "name": "openSUSE-SU-2019:1444",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
        },
        {
          "name": "openSUSE-SU-2019:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2019:1506",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
        },
        {
          "name": "openSUSE-SU-2019:1703",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2020:0554",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
        },
        {
          "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
        },
        {
          "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-16874",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "golang",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.10.6"
                          },
                          {
                            "version_value": "1.11.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201812-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201812-09"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16874",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16874"
            },
            {
              "name": "106228",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106228"
            },
            {
              "name": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0",
              "refsource": "MISC",
              "url": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0"
            },
            {
              "name": "openSUSE-SU-2019:1079",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
            },
            {
              "name": "openSUSE-SU-2019:1444",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
            },
            {
              "name": "openSUSE-SU-2019:1499",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
            },
            {
              "name": "openSUSE-SU-2019:1506",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
            },
            {
              "name": "openSUSE-SU-2019:1703",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2020:0554",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16874",
    "datePublished": "2018-12-14T14:00:00",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:32:54.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16873 (GCVE-0-2018-16873)

Vulnerability from cvelistv5

Published

2018-12-14 14:00

Modified

2024-08-05 10:32

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-20

Summary

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named ".git" by using a vanity import path that ends with "/.git". If the Git repository root contains a "HEAD" file, a "config" file, an "objects" directory, a "refs" directory, with some work to ensure the proper ordering of operations, "go get -u" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running "go get -u".

References

►

URL

Tags

	http://www.securityfocus.com/bid/106226	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201812-09	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16873	x_refsource_CONFIRM
	https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	golang	Version: 1.10.6 Version: 1.11.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106226",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106226"
          },
          {
            "name": "GLSA-201812-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201812-09"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16873"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
          },
          {
            "name": "openSUSE-SU-2019:1079",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
          },
          {
            "name": "openSUSE-SU-2019:1444",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
          },
          {
            "name": "openSUSE-SU-2019:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2019:1506",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
          },
          {
            "name": "openSUSE-SU-2019:1703",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2020:0554",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "golang",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "1.10.6"
            },
            {
              "status": "affected",
              "version": "1.11.3"
            }
          ]
        }
      ],
      "datePublic": "2018-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\"."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-13T20:06:33",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "106226",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106226"
        },
        {
          "name": "GLSA-201812-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201812-09"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16873"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
        },
        {
          "name": "openSUSE-SU-2019:1079",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
        },
        {
          "name": "openSUSE-SU-2019:1444",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
        },
        {
          "name": "openSUSE-SU-2019:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2019:1506",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
        },
        {
          "name": "openSUSE-SU-2019:1703",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2020:0554",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
        },
        {
          "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
        },
        {
          "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-16873",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "golang",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.10.6"
                          },
                          {
                            "version_value": "1.11.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\"."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106226",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106226"
            },
            {
              "name": "GLSA-201812-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201812-09"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16873",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16873"
            },
            {
              "name": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0",
              "refsource": "MISC",
              "url": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0"
            },
            {
              "name": "openSUSE-SU-2019:1079",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
            },
            {
              "name": "openSUSE-SU-2019:1444",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
            },
            {
              "name": "openSUSE-SU-2019:1499",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
            },
            {
              "name": "openSUSE-SU-2019:1506",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
            },
            {
              "name": "openSUSE-SU-2019:1703",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2020:0554",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16873",
    "datePublished": "2018-12-14T14:00:00",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:32:54.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30465 (GCVE-0-2021-30465)

Vulnerability from cvelistv5

Published

2021-05-27 00:00

Modified

2024-08-03 22:32

Severity ?

CWE

Summary

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

References

►

URL

Tags

	https://github.com/opencontainers/runc/releases
	http://www.openwall.com/lists/oss-security/2021/05/19/2	mailing-list
	http://www.openwall.com/lists/oss-security/2021/05/19/2
	https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/	vendor-advisory
	https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f
	https://bugzilla.opensuse.org/show_bug.cgi?id=1185405
	https://security.netapp.com/advisory/ntap-20210708-0003/
	https://security.gentoo.org/glsa/202107-26	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:32:40.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/releases"
          },
          {
            "name": "[oss-security] 20210519 CVE-2021-30465: runc \u003c1.0.0-rc95 vulnerable to symlink-exchange attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/19/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/19/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r"
          },
          {
            "name": "FEDORA-2021-2eb67ba3c2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV/"
          },
          {
            "name": "FEDORA-2021-0440f235a0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210708-0003/"
          },
          {
            "name": "GLSA-202107-26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-26"
          },
          {
            "name": "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-27T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/opencontainers/runc/releases"
        },
        {
          "name": "[oss-security] 20210519 CVE-2021-30465: runc \u003c1.0.0-rc95 vulnerable to symlink-exchange attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/19/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2021/05/19/2"
        },
        {
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r"
        },
        {
          "name": "FEDORA-2021-2eb67ba3c2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV/"
        },
        {
          "name": "FEDORA-2021-0440f235a0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/"
        },
        {
          "url": "https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f"
        },
        {
          "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210708-0003/"
        },
        {
          "name": "GLSA-202107-26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-26"
        },
        {
          "name": "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30465",
    "datePublished": "2021-05-27T00:00:00",
    "dateReserved": "2021-04-08T00:00:00",
    "dateUpdated": "2024-08-03T22:32:40.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5736 (GCVE-0-2019-5736)

Vulnerability from cvelistv5

Published

2019-02-11 00:00

Modified

2024-08-04 20:01

Severity ?

CWE

Summary

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

References

►

URL

Tags

	https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
	https://access.redhat.com/errata/RHSA-2019:0408	vendor-advisory
	https://github.com/rancher/runc-cve
	https://access.redhat.com/errata/RHSA-2019:0401	vendor-advisory
	https://github.com/docker/docker-ce/releases/tag/v18.09.2
	https://www.synology.com/security/advisory/Synology_SA_19_06
	https://security.netapp.com/advisory/ntap-20190307-0008/
	https://access.redhat.com/errata/RHSA-2019:0303	vendor-advisory
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc	vendor-advisory
	https://github.com/q3k/cve-2019-5736-poc
	https://www.exploit-db.com/exploits/46359/	exploit
	https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
	https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
	https://www.openwall.com/lists/oss-security/2019/02/11/2
	https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
	https://access.redhat.com/security/cve/cve-2019-5736
	https://www.exploit-db.com/exploits/46369/	exploit
	https://access.redhat.com/errata/RHSA-2019:0304	vendor-advisory
	https://github.com/Frichetten/CVE-2019-5736-PoC
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
	https://brauner.github.io/2019/02/12/privileged-containers.html
	https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
	https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
	http://www.securityfocus.com/bid/106976	vdb-entry
	https://access.redhat.com/security/vulnerabilities/runcescape
	https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
	https://bugzilla.suse.com/show_bug.cgi?id=1121967
	https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E	mailing-list
	http://www.openwall.com/lists/oss-security/2019/03/23/1	mailing-list
	https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/	vendor-advisory
	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
	https://access.redhat.com/errata/RHSA-2019:0975	vendor-advisory
	https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
	https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
	https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2019/06/28/2	mailing-list
	http://www.openwall.com/lists/oss-security/2019/07/06/3	mailing-list
	http://www.openwall.com/lists/oss-security/2019/07/06/4	mailing-list
	https://usn.ubuntu.com/4048-1/	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/	vendor-advisory
	https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2019/10/24/1	mailing-list
	http://www.openwall.com/lists/oss-security/2019/10/29/3	mailing-list
	https://security.gentoo.org/glsa/202003-21	vendor-advisory
	https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E	mailing-list
	http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
	http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
	http://www.openwall.com/lists/oss-security/2024/01/31/6	mailing-list
	http://www.openwall.com/lists/oss-security/2024/02/01/1	mailing-list
	http://www.openwall.com/lists/oss-security/2024/02/02/3	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:52.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
          },
          {
            "name": "RHSA-2019:0408",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0408"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rancher/runc-cve"
          },
          {
            "name": "RHSA-2019:0401",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0401"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
          },
          {
            "name": "RHSA-2019:0303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0303"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/q3k/cve-2019-5736-poc"
          },
          {
            "name": "46359",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46359/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2019-5736"
          },
          {
            "name": "46369",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46369/"
          },
          {
            "name": "RHSA-2019:0304",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0304"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
          },
          {
            "name": "106976",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106976"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/runcescape"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
          },
          {
            "name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
          },
          {
            "name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
          },
          {
            "name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
          },
          {
            "name": "openSUSE-SU-2019:1079",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
          },
          {
            "name": "openSUSE-SU-2019:1227",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
          },
          {
            "name": "openSUSE-SU-2019:1275",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
          },
          {
            "name": "FEDORA-2019-bc70b381ad",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
          },
          {
            "name": "FEDORA-2019-6174b47003",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
          },
          {
            "name": "RHSA-2019:0975",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0975"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
          },
          {
            "name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
          },
          {
            "name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2019:1444",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
          },
          {
            "name": "openSUSE-SU-2019:1481",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2019:1499",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2019:1506",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "name": "USN-4048-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4048-1/"
          },
          {
            "name": "openSUSE-SU-2019:2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
          },
          {
            "name": "FEDORA-2019-2baa1f7b19",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
          },
          {
            "name": "FEDORA-2019-c1dac1b3b8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
          },
          {
            "name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2019:2245",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
          },
          {
            "name": "openSUSE-SU-2019:2286",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
          },
          {
            "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
          },
          {
            "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
          },
          {
            "name": "GLSA-202003-21",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-21"
          },
          {
            "name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
          },
          {
            "name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
          },
          {
            "name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
          },
          {
            "name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-02T12:06:25.591627",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
        },
        {
          "name": "RHSA-2019:0408",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0408"
        },
        {
          "url": "https://github.com/rancher/runc-cve"
        },
        {
          "name": "RHSA-2019:0401",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0401"
        },
        {
          "url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
        },
        {
          "name": "RHSA-2019:0303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0303"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
        },
        {
          "url": "https://github.com/q3k/cve-2019-5736-poc"
        },
        {
          "name": "46359",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46359/"
        },
        {
          "url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
        },
        {
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
        },
        {
          "url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2019-5736"
        },
        {
          "name": "46369",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46369/"
        },
        {
          "name": "RHSA-2019:0304",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0304"
        },
        {
          "url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
        },
        {
          "url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
        },
        {
          "url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
        },
        {
          "url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
        },
        {
          "name": "106976",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/106976"
        },
        {
          "url": "https://access.redhat.com/security/vulnerabilities/runcescape"
        },
        {
          "url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
        },
        {
          "name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
        },
        {
          "name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
        },
        {
          "name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
        },
        {
          "url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
        },
        {
          "name": "openSUSE-SU-2019:1079",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
        },
        {
          "name": "openSUSE-SU-2019:1227",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
        },
        {
          "name": "openSUSE-SU-2019:1275",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
        },
        {
          "name": "FEDORA-2019-bc70b381ad",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
        },
        {
          "name": "FEDORA-2019-6174b47003",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
        },
        {
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
        },
        {
          "name": "RHSA-2019:0975",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0975"
        },
        {
          "url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
        },
        {
          "url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
        },
        {
          "name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
        },
        {
          "name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2019:1444",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
        },
        {
          "name": "openSUSE-SU-2019:1481",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
        },
        {
          "name": "openSUSE-SU-2019:1499",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2019:1506",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "name": "USN-4048-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4048-1/"
        },
        {
          "name": "openSUSE-SU-2019:2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
        },
        {
          "name": "FEDORA-2019-2baa1f7b19",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
        },
        {
          "name": "FEDORA-2019-c1dac1b3b8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
        },
        {
          "name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2019:2245",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
        },
        {
          "name": "openSUSE-SU-2019:2286",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
        },
        {
          "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
        },
        {
          "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
        },
        {
          "name": "GLSA-202003-21",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202003-21"
        },
        {
          "name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
        },
        {
          "name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
        },
        {
          "name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
        },
        {
          "name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-5736",
    "datePublished": "2019-02-11T00:00:00",
    "dateReserved": "2019-01-08T00:00:00",
    "dateUpdated": "2024-08-04T20:01:52.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19921 (GCVE-0-2019-19921)

Vulnerability from cvelistv5

Published

2020-02-12 00:00

Modified

2024-08-05 02:32

Severity ?

CWE

Summary

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

References

►

URL

Tags

	https://github.com/opencontainers/runc/releases
	https://security-tracker.debian.org/tracker/CVE-2019-19921
	https://github.com/opencontainers/runc/issues/2197
	https://github.com/opencontainers/runc/pull/2190
	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2020:0688	vendor-advisory
	https://access.redhat.com/errata/RHSA-2020:0695	vendor-advisory
	https://security.gentoo.org/glsa/202003-21	vendor-advisory
	https://usn.ubuntu.com/4297-1/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:32:09.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/releases"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2019-19921"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/issues/2197"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/pull/2190"
          },
          {
            "name": "openSUSE-SU-2020:0219",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html"
          },
          {
            "name": "RHSA-2020:0688",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0688"
          },
          {
            "name": "RHSA-2020:0695",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0695"
          },
          {
            "name": "GLSA-202003-21",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-21"
          },
          {
            "name": "USN-4297-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4297-1/"
          },
          {
            "name": "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"
          },
          {
            "name": "FEDORA-2023-1bcbb1db39",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/"
          },
          {
            "name": "FEDORA-2023-3cccbc4c95",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/"
          },
          {
            "name": "FEDORA-2023-1ba499965f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/"
          },
          {
            "name": "FEDORA-2023-9edf2145fb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/"
          },
          {
            "name": "FEDORA-2023-6e6d9065e0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/opencontainers/runc/releases"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2019-19921"
        },
        {
          "url": "https://github.com/opencontainers/runc/issues/2197"
        },
        {
          "url": "https://github.com/opencontainers/runc/pull/2190"
        },
        {
          "name": "openSUSE-SU-2020:0219",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html"
        },
        {
          "name": "RHSA-2020:0688",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0688"
        },
        {
          "name": "RHSA-2020:0695",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0695"
        },
        {
          "name": "GLSA-202003-21",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202003-21"
        },
        {
          "name": "USN-4297-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4297-1/"
        },
        {
          "name": "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"
        },
        {
          "name": "FEDORA-2023-1bcbb1db39",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/"
        },
        {
          "name": "FEDORA-2023-3cccbc4c95",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/"
        },
        {
          "name": "FEDORA-2023-1ba499965f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/"
        },
        {
          "name": "FEDORA-2023-9edf2145fb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/"
        },
        {
          "name": "FEDORA-2023-6e6d9065e0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19921",
    "datePublished": "2020-02-12T00:00:00",
    "dateReserved": "2019-12-22T00:00:00",
    "dateUpdated": "2024-08-05T02:32:09.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16875 (GCVE-0-2018-16875)

Vulnerability from cvelistv5

Published

2018-12-14 14:00

Modified

2024-08-05 10:32

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20

Summary

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

References

►

URL

Tags

	http://www.securityfocus.com/bid/106230	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201812-09	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875	x_refsource_CONFIRM
	https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	golang	Version: 1.10.6 Version: 1.11.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106230",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106230"
          },
          {
            "name": "GLSA-201812-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201812-09"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
          },
          {
            "name": "openSUSE-SU-2019:1079",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
          },
          {
            "name": "openSUSE-SU-2019:1444",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
          },
          {
            "name": "openSUSE-SU-2019:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2019:1506",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
          },
          {
            "name": "openSUSE-SU-2019:1703",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "golang",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "1.10.6"
            },
            {
              "status": "affected",
              "version": "1.11.3"
            }
          ]
        }
      ],
      "datePublic": "2018-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-14T11:06:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "106230",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106230"
        },
        {
          "name": "GLSA-201812-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201812-09"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
        },
        {
          "name": "openSUSE-SU-2019:1079",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
        },
        {
          "name": "openSUSE-SU-2019:1444",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
        },
        {
          "name": "openSUSE-SU-2019:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2019:1506",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
        },
        {
          "name": "openSUSE-SU-2019:1703",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-16875",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "golang",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.10.6"
                          },
                          {
                            "version_value": "1.11.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106230",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106230"
            },
            {
              "name": "GLSA-201812-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201812-09"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
            },
            {
              "name": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0",
              "refsource": "MISC",
              "url": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0"
            },
            {
              "name": "openSUSE-SU-2019:1079",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
            },
            {
              "name": "openSUSE-SU-2019:1444",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
            },
            {
              "name": "openSUSE-SU-2019:1499",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
            },
            {
              "name": "openSUSE-SU-2019:1506",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
            },
            {
              "name": "openSUSE-SU-2019:1703",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16875",
    "datePublished": "2018-12-14T14:00:00",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:32:54.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:11358-1

Vulnerability from csaf_opensuse

CVE-2016-9962 (GCVE-0-2016-9962)

Vulnerability from cvelistv5

CVE-2019-16884 (GCVE-0-2019-16884)

Vulnerability from cvelistv5

CVE-2018-16874 (GCVE-0-2018-16874)

Vulnerability from cvelistv5

CVE-2018-16873 (GCVE-0-2018-16873)

Vulnerability from cvelistv5

CVE-2021-30465 (GCVE-0-2021-30465)

Vulnerability from cvelistv5

CVE-2019-5736 (GCVE-0-2019-5736)

Vulnerability from cvelistv5

CVE-2019-19921 (GCVE-0-2019-19921)

Vulnerability from cvelistv5

CVE-2018-16875 (GCVE-0-2018-16875)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature