CVE-2016-3697

🗓️ 01 Jun 2016 20:00:00Reported by redhatType

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container

Reporter	Title	Published	Views	Family All 78
IBM Security Bulletins	Security Bulletin: Docker and Python as used in IBM QRadar SIEM is vulnerable to various CVEs.	16 Jun 201822:01	–	ibm
CBLMariner	CVE-2016-3697 affecting package moby-buildx 0.4.1-3	8 Jul 202121:56	–	cbl_mariner
CNVD	Docker Privilege Acquisition Vulnerability	15 May 201600:00	–	cnvd
Cvelist	CVE-2016-3697	1 Jun 201620:00	–	cvelist
Debian CVE	CVE-2016-3697	1 Jun 201620:00	–	debiancve
Oracle linux	docker-engine security update	20 May 201600:00	–	oraclelinux
Tenable Nessus	EulerOS 2.0 SP1 : docker (EulerOS-SA-2016-1016)	1 May 201700:00	–	nessus
Tenable Nessus	Fedora 23 : 2:docker (2016-6a0d540088)	14 Jul 201600:00	–	nessus
Tenable Nessus	Fedora 24 : 2:docker (2016-6ef52e1fc3)	14 Jul 201600:00	–	nessus
Tenable Nessus	GLSA-201612-28 : Docker: Privilege escalation	12 Dec 201600:00	–	nessus

NVD

Node

docker dockerRange≤1.11.1

Node

linuxfoundation runcRange≤0.0.9

Node

opensuse opensuseMatch13.2

Source	Link
github	www.github.com/opencontainers/runc/releases/tag/v0.1.0
lists	www.lists.opensuse.org/opensuse-updates/2016-05/msg00111.html
github	www.github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091
security	www.security.gentoo.org/glsa/201612-28
rhn	www.rhn.redhat.com/errata/RHSA-2016-2634.html
github	www.github.com/docker/docker/issues/21436
github	www.github.com/opencontainers/runc/pull/708
rhn	www.rhn.redhat.com/errata/RHSA-2016-1034.html

06 May 2026 22:30Current

7.4High risk

Vulners AI Score7.4

CVSS 22.1

CVSS 3.17.8

EPSS0.00069

CWE-264