Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Runc
(Linuxfoundation)| Repositories | https://github.com/opencontainers/runc |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-29 | CVE-2023-28642 | runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. | Runc | 7.8 | ||
| 2016-06-01 | CVE-2016-3697 | libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | Docker, Runc, Opensuse | 7.8 |