Lucene search
GoogleOSV:CVE-2019-18837HistoryNov 13, 2019 - 8:15 p.m.
CVE-2019-18837
2019-11-1320:15:10
Google
osv.dev
6
An issue was discovered in crun before 0.10.5. With a crafted image, it doesn’t correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.
References
github.com/containers/crun/pull/173
github.com/containers/crun/releases/tag/0.10.5
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTA5SJUAKQUK6HRY2CZVJUIZP5BO3EOG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITB2UNEGHXZUR3ATYHWPSK5LJB36N7AP/
Related
prion
prion
Code injection
2019-11-13 20:15:00
nessus
nessus
Fedora 31 : crun (2019-1ba2a6e386)
2019-11-12 00:00:00
Fedora 30 : crun (2019-80a2646798)
2019-11-12 00:00:00
cvelist
cvelist
CVE-2019-18837
2019-11-13 20:01:16
openvas
openvas
Fedora Update for crun FEDORA-2019-80a2646798
2019-11-12 00:00:00
Fedora Update for crun FEDORA-2019-1ba2a6e386
2020-01-09 00:00:00
cve
cve
CVE-2019-18837
2019-11-13 20:15:10
ubuntucve
ubuntucve
CVE-2019-18837
2019-11-13 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: crun-0.10.5-2.fc31
2019-11-12 02:22:28
[SECURITY] Fedora 30 Update: crun-0.10.5-2.fc30
2019-11-12 02:09:36
nvd
nvd
CVE-2019-18837
2019-11-13 20:15:10
debiancve
debiancve
CVE-2019-18837
2019-11-13 20:15:10