libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions

🗓️ 17 Dec 2019 02:18:46Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 2 Views

libseccomp-golang 0.9.0 and earlier generate BPFs that OR multiple arguments, bypassing seccomp restrictions.

Reporter	Title	Published	Views	Family All 40
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data	29 Jun 202217:05	–	ibm
BDU FSTEC	The vulnerability of the libseccomp-golang software, related to the lack of input validation mechanisms, allows attackers to compromise data integrity.	15 Mar 202100:00	–	bdu_fstec
Circl	CVE-2017-18367	25 Apr 201900:38	–	circl
CVE	CVE-2017-18367	24 Apr 201920:02	–	cve
Cvelist	CVE-2017-18367	24 Apr 201920:02	–	cvelist
Debian	[SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update	11 Aug 202008:37	–	debian
Debian CVE	CVE-2017-18367	24 Apr 201920:02	–	debiancve
Tenable Nessus	Debian DLA-2320-1 : golang-github-seccomp-libseccomp-golang security update	12 Aug 202000:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Multiple Vulnerabilities (NS-SA-2020-0082)	9 Dec 202000:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Multiple Vulnerabilities (NS-SA-2021-0138)	27 Oct 202100:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	x86_64	openshift-clients	0:4.1.27-201912021146.git.0.a40116f.el7	openshift-clients-0:4.1.27-201912021146.git.0.a40116f.el7.x86_64.rpm
Red Hat Enterprise Linux	8	x86_64	openshift-clients	0:4.1.27-201912021146.git.0.a40116f.el8_0	openshift-clients-0:4.1.27-201912021146.git.0.a40116f.el8_0.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	openshift-clients-redistributable	0:4.1.27-201912021146.git.0.a40116f.el7	openshift-clients-redistributable-0:4.1.27-201912021146.git.0.a40116f.el7.x86_64.rpm
Red Hat Enterprise Linux	8	x86_64	openshift-clients-redistributable	0:4.1.27-201912021146.git.0.a40116f.el8_0	openshift-clients-redistributable-0:4.1.27-201912021146.git.0.a40116f.el8_0.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	openshift-hyperkube	0:4.1.27-201912021146.git.0.a40116f.el7	openshift-hyperkube-0:4.1.27-201912021146.git.0.a40116f.el7.x86_64.rpm
Red Hat Enterprise Linux	8	x86_64	openshift-hyperkube	0:4.1.27-201912021146.git.0.a40116f.el8_0	openshift-hyperkube-0:4.1.27-201912021146.git.0.a40116f.el8_0.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2017-18367
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-18367
cve	www.cve.org/CVERecord

27 Feb 2026 07:49Current

7.3High risk

Vulners AI Score7.3

CVSS 25

CVSS 37.5

EPSS0.0245

libseccomp-golang multiple arguments access restrictions bypass vulnerability seccomp filter version 0.9.0