GHSA-gp4j-w3vj-7299

Source

https://github.com/advisories/GHSA-gp4j-w3vj-7299

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-gp4j-w3vj-7299/GHSA-gp4j-w3vj-7299.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gp4j-w3vj-7299

Aliases

Related

CGA-hm4m-crc5-fc47

Published

2021-12-20T18:21:43Z

Modified

2024-08-21T15:58:31.243519Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Information Exposure in RunC

Details

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

References

Affected packages

Go / github.com/opencontainers/runc

Package

Name: github.com/opencontainers/runc; View open source insights on deps.dev
Purl: pkg:golang/github.com/opencontainers/runc

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.0-rc3

Database specific

{
    "last_known_affected_version_range": "<= 1.0.0-rc2"
}