runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration

An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array...

Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration

...

runc 输入验证错误漏洞

runc is a CLI Command Line Interface tool for generating and running containers based on the OCI specification. An input validation error vulnerability exists in runc that stems from an integer overflow in netlink bytemsg length field allowing an attacker to override the netlink-based container...