CVE-2019-5736

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-5736
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5736.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-5736
Downstream
Related
Published
2019-02-11T19:29:00Z
Modified
2025-09-30T07:53:51.816314Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

References

Affected packages

Git / github.com/apache/mesos

Affected ranges

Type
GIT
Repo
https://github.com/apache/mesos
Events
Type
GIT
Repo
https://github.com/docker-archive/docker-ce
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/docker/docker
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/docker/engine
Events
Type
GIT
Repo
https://github.com/lxc/lxc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/opencontainers/runc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.4.0
1.4.0-rc5
1.4.1
1.4.1-rc1
1.4.2
1.4.2-rc1
1.4.3-rc1

lxc-0.*

lxc-0.6.5
lxc-0.7.0
lxc-0.7.1
lxc-0.7.2
lxc-0.7.3
lxc-0.7.4
lxc-0.7.4-rc1
lxc-0.7.5
lxc-0.8.0
lxc-0.8.0-rc2
lxc-0.9.0
lxc-0.9.0.alpha1
lxc-0.9.0.alpha2
lxc-0.9.0.alpha3
lxc-0.9.0.rc1

lxc-1.*

lxc-1.0.0
lxc-1.0.0.alpha1
lxc-1.0.0.alpha2
lxc-1.0.0.alpha3
lxc-1.0.0.beta1
lxc-1.0.0.beta2
lxc-1.0.0.beta3
lxc-1.0.0.beta4
lxc-1.0.0.rc1
lxc-1.0.0.rc2
lxc-1.0.0.rc3
lxc-1.0.0.rc4
lxc-1.1.0
lxc-1.1.0.alpha1
lxc-1.1.0.alpha2
lxc-1.1.0.alpha3
lxc-1.1.0.rc1
lxc-1.1.0.rc2
lxc-1.1.0.rc3
lxc-1.1.0.rc4

lxc-2.*

lxc-2.0.0
lxc-2.0.0.beta1
lxc-2.0.0.beta2
lxc-2.0.0.rc1
lxc-2.0.0.rc10
lxc-2.0.0.rc11
lxc-2.0.0.rc12
lxc-2.0.0.rc13
lxc-2.0.0.rc14
lxc-2.0.0.rc15
lxc-2.0.0.rc2
lxc-2.0.0.rc3
lxc-2.0.0.rc4
lxc-2.0.0.rc5
lxc-2.0.0.rc6
lxc-2.0.0.rc7
lxc-2.0.0.rc8
lxc-2.0.0.rc9
lxc-2.1.0

lxc-3.*

lxc-3.0.0
lxc-3.0.0.beta1
lxc-3.0.0.beta2
lxc-3.0.0.beta3
lxc-3.0.0.beta4
lxc-3.1.0

Other

lxc_0_1_0
lxc_0_2_0
lxc_0_2_1
lxc_0_4_0
lxc_0_5_0
lxc_0_5_1
lxc_0_5_2
lxc_0_6_0
lxc_0_6_1
lxc_0_6_2
lxc_0_6_3
lxc_0_6_4

v0.*

v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1

v1.*

v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.0-rc4
v1.0.0-rc5
v1.0.0-rc6

v18.*

v18.09.0
v18.09.0-beta3
v18.09.0-beta5
v18.09.0-ce-beta1
v18.09.0-ce-tp0
v18.09.0-ce-tp3
v18.09.0-ce-tp4
v18.09.0-ce-tp5
v18.09.0-ce-tp6
v18.09.0-rc1
v18.09.1
v18.09.1-beta1
v18.09.1-beta2
v18.09.1-rc1