Lucene search
K

7 matches found

OSV
OSV
added last week3 views

GO-2026-5761 Malicious image with /dev symlink can trigger limited host filesystem integrity violations in github.com/opencontainers/runc

Malicious image with /dev symlink can trigger limited host filesystem integrity violations in github.com/opencontainers/runc...

3.3CVSS5.9AI score0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 12:2 a.m.29 views

CVE-2026-41579

Technical details beyond the Initial Description are not provided in the connected documents; monitor for updates.

3.3CVSS5.9AI score0.00222EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/01 12:2 a.m.11 views

CVE-2026-41579

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS5.9AI score0.00222EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/01 12:2 a.m.37 views

CVE-2026-41579 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS0.00222EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/22 8:1 p.m.7 views

runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

Impact When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...

3.3CVSS5.7AI score0.00222EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 8:1 p.m.17 views

GHSA-XJVP-4FHW-GC47 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

Impact When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...

4.8CVSS5.7AI score0.00222EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 7:17 a.m.2 views

SUSE-SU-2026:22247-1 Security update for crun

This update for crun fixes the following issue - CVE-2026-47766: crun follows rootfs /dev symlink while creating default devices bsc1268302...

5.8AI score0.00024EPSS
Exploits0References3
Rows per page
Query Builder