CVE-2021-30465

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-30465
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30465.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-30465
Aliases
Downstream
Related
Published
2021-05-27T13:15:08.077Z
Modified
2026-03-15T22:40:24.974684Z
Severity
  • 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

References

Affected packages

Git / github.com/opencontainers/runc

Affected ranges

Type
GIT
Repo
https://github.com/opencontainers/runc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
baf6536d6259209c3edfa2b22237af82942d3dfa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
04f275d4601ca7e5ff9460cec7f65e8dd15443ec
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dc9208a3303feef5b3839f4323d9beb36df0a9dd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c91b5bea4830a57eac7882d7455d59518cdf70ec
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
75f8da7c889acc4509a0cf6f0d3a8f9584778375
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2e7cfe036e2c6dc51ccca6eb7fa3ee6b63976dcd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4fc53a81fb7c994640722ac585fa9ca548971871
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ccb5efd37fb7c86364786e9137e22948751de7ed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
69ae5da6afdcaaf38285a10b36f362e41cb298d6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
425e105d5a03fabd737a126ad93d62a9eeede87f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d736ef14f0288d6993a1845745d6756cfc9ddd5a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dc9208a3303feef5b3839f4323d9beb36df0a9dd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
24a3cf88a7ae5f4995f6750654c0e2ca61ef4bb2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ff819c7e9184c13b7c2607fe6c30ae19403a7aff
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
12644e614e25b05da6fd08a38ffa0cfe1903fdec
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2c7861bc5e1b3e756392236553ec14a78a09f8bf
Fixed
0ca91f44f1664da834bc61115a849b56d22f595f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc90"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc91"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc92"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc93"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-rc94"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1
v1.*
v1.0.0-rc1
v1.0.0-rc10
v1.0.0-rc2
v1.0.0-rc3
v1.0.0-rc4
v1.0.0-rc5
v1.0.0-rc6
v1.0.0-rc7
v1.0.0-rc8
v1.0.0-rc9
v1.0.0-rc90
v1.0.0-rc91
v1.0.0-rc92
v1.0.0-rc93
v1.0.0-rc94

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30465.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    }
]