github.com/opencontainers/runc is vulnerable to integer overflows. The vulnerability exists in container_linux.go
due to insecure handling of null bytes in mount sources, which allows an attacker to bypass the namespace restrictions of the container by adding their own Netlink payload that disables all namespaces.
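The overflow class described above, as an added example that is not runc's own code: a netlink attribute carries a 16-bit length field, so an encoder that casts the total length without a range check wraps for large byte arrays such as NUL-joined mount sources, while a checked encoder rejects them. The function names, the attribute type value and the little-endian byte order are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
	"strings"
)

const attrHeaderLen = 4  // 16-bit length + 16-bit type
const sampleAttrType = 1 // constructed value, not a runc constant

var ErrAttrTooLarge = errors.New("attribute does not fit a 16-bit netlink length field")

// uncheckedAttrLen shows the flawed arithmetic: the total is cast to
// uint16 with no range check, so it silently wraps modulo 65536.
func uncheckedAttrLen(payload []byte) uint16 {
	return uint16(attrHeaderLen + len(payload) + 1) // +1 for the trailing NUL
}

// EncodeBytesAttr serializes a byte-array attribute and refuses any
// payload whose total length cannot be represented in the header.
func EncodeBytesAttr(attrType uint16, payload []byte) ([]byte, error) {
	total := attrHeaderLen + len(payload) + 1
	if total > math.MaxUint16 {
		return nil, ErrAttrTooLarge
	}
	buf := make([]byte, total) // final byte stays 0 as the terminator
	binary.LittleEndian.PutUint16(buf[0:2], uint16(total))
	binary.LittleEndian.PutUint16(buf[2:4], attrType)
	copy(buf[attrHeaderLen:], payload)
	return buf, nil
}

// JoinMountSources packs several mount sources into one NUL-separated array.
func JoinMountSources(sources []string) []byte {
	return []byte(strings.Join(sources, "\x00"))
}

func main() {
	ok := JoinMountSources([]string{"/srv/data", "/srv/logs"}) // constructed input
	enc, err := EncodeBytesAttr(sampleAttrType, ok)
	fmt.Println(len(enc), err)

	big := make([]byte, 70000) // constructed oversized input
	fmt.Println("unchecked length field:", uncheckedAttrLen(big))
	_, err = EncodeBytesAttr(sampleAttrType, big)
	fmt.Println("checked encoder:", err)
}
```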
bugs.chromium.org/p/project-zero/issues/detail?id=2241
github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554
github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
lists.debian.org/debian-lts-announce/2021/12/msg00005.html