AZL-25851 CVE-2023-25809 affecting package moby-runc for versions less than 1.1.5-1

🗓️ 29 Mar 2023 19:15:22Reported by GoogleType

osv🔗 osv.dev👁 2 Views

Vulnerability in moby-runc below 1.1.5-1 may allow rootless runc to write to host cgroup; upgrade to 1.1.5 or mask paths.

Reporter	Title	Published	Views	Family All 159
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator	28 Aug 202308:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	31 May 202317:22	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	31 May 202317:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities	31 May 202322:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	18 Aug 202504:31	–	ibm
IBM Security Bulletins	Security Bulletin: Denial of service, SQL injection, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service	24 Feb 202523:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler	8 Aug 202414:17	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package runc version 1.1.5-alt1	20 Apr 202300:00	–	altlinux
Tenable Nessus	Amazon Linux 2023 : runc (ALAS2023-2023-208)	13 Jun 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : runc (ALASDOCKER-2023-025)	6 Jun 202300:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-25809

21 Apr 2026 04:23Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.16.3

EPSS0.00037