Lucene search
GoogleOSV:CVE-2017-18367HistoryApr 24, 2019 - 9:29 p.m.
CVE-2017-18367
2019-04-2421:29:00
Google
osv.dev
8
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.
References
www.openwall.com/lists/oss-security/2019/04/25/6
access.redhat.com/errata/RHSA-2019:4087
access.redhat.com/errata/RHSA-2019:4090
github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
github.com/seccomp/libseccomp-golang/issues/22
lists.debian.org/debian-lts-announce/2020/08/msg00016.html
usn.ubuntu.com/4574-1/
Related
ubuntu
ubuntu
libseccomp-golang vulnerability
2020-10-07 00:00:00
github
github
Improper Input Validation in libseccomp-golang
2021-05-18 15:44:30
osv
osv
golang-github-seccomp-libseccomp-golang vulnerability
2020-10-07 19:32:20
Improper input validation in github.com/seccomp/libseccomp-golang
2021-04-14 20:04:52
golang-github-seccomp-libseccomp-golang - security update
2020-08-10 00:00:00
debian
debian
prion
prion
Design/Logic Flaw
2019-04-24 21:29:00
cve
cve
CVE-2017-18367
2019-04-24 21:29:00
nessus
nessus
Ubuntu 16.04 LTS : libseccomp-golang vulnerability (USN-4574-1)
2020-10-08 00:00:00
Debian DLA-2320-1 : golang-github-seccomp-libseccomp-golang security update
2020-08-12 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.1 openshift (RHSA-2019:4087)
2019-12-18 00:00:00
redhatcve
redhatcve
CVE-2017-18367
2020-03-31 08:17:54
ubuntucve
ubuntucve
CVE-2017-18367
2019-04-24 00:00:00
debiancve
debiancve
CVE-2017-18367
2019-04-24 21:29:00
openvas
openvas
Ubuntu: Security Advisory (USN-4574-1)
2020-10-08 00:00:00
Debian: Security Advisory (DLA-2320-1)
2020-08-17 00:00:00
cvelist
cvelist
CVE-2017-18367
2019-04-24 20:02:19
redhat
redhat
veracode
veracode
Authorization Bypass
2019-04-25 07:59:29
nvd
nvd
CVE-2017-18367
2019-04-24 21:29:00
