5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
github.com/opencontainers/runc is vulnerable to integer overflows. The vulnerability exists in container_linux.go
due to insecure handling of null bytes in mount sources which allows an attacker to bypass the namespace restrictions of the container by adding their ownNetlink payload which disables all namespaces.
bugs.chromium.org/p/project-zero/issues/detail?id=2241
github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554
github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
lists.debian.org/debian-lts-announce/2021/12/msg00005.html
5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P