Lucene search
Veracode Vulnerability DatabaseVERACODE:4065HistoryMay 02, 2017 - 7:00 a.m.
Information Disclosure
2017-05-0207:00:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
28.8%
github.com/opencontainers/runc is vulnerable to information disclosure attacks. These attacks are possible because a run exec command can be ptraced by the pid 1 of the container. Using this, it allows attackers to gain access to the file-descriptors of new processes during initialization. It may also lead to container escapes and the modification of the github.com/opencontainers/runc state before a process is fully places into a container. This only happens if the main processes of the container is running as root. This transitively affects docker.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/opencontainers/runc | eq | 1.0.0-rc2 | |
| github.com/opencontainers/runc | eq | HEAD |
Related
redhat
redhat
(RHSA-2017:0123) Moderate: docker-latest security, bug fix, and enhancement update
2017-01-17 20:35:03
(RHSA-2017:0127) Moderate: runc security and bug fix update
2017-01-17 20:35:12
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update
2017-01-17 20:34:47
cve
cve
CVE-2016-9962
2017-01-31 22:59:01
CVE-2020-14300
2020-07-13 22:15:12
openvas
openvas
Fedora Update for docker-latest FEDORA-2017-fcd02e2c2d
2017-01-16 00:00:00
Mageia: Security Advisory (MGASA-2017-0189)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1964-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: docker-latest-1.12.6-2.git51ef5a8.fc25
2017-01-15 07:52:30
[SECURITY] Fedora 24 Update: docker-latest-1.12.6-1.git51ef5a8.fc24
2017-01-20 18:20:16
[SECURITY] Fedora 25 Update: docker-1.12.6-3.git51ef5a8.fc25
2017-01-13 02:25:44
ubuntucve
ubuntucve
CVE-2016-9962
2017-01-31 00:00:00
CVE-2020-14300
2020-07-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package runc version 1.0.0-alt2.gitc91b5be
2017-01-23 00:00:00
Security fix for the ALT Linux 10 package runc version 1.0.0-alt2.gitc91b5be
2017-01-23 00:00:00
cvelist
cvelist
CVE-2016-9962
2017-01-31 22:00:00
CVE-2020-14300
2020-07-13 21:02:24
nessus
nessus
RHEL 7 : runc (RHSA-2017:0127)
2017-01-18 00:00:00
Fedora 24 : 2:docker-latest (2017-c2c2d1be16)
2017-01-23 00:00:00
Fedora 25 : 1:runc (2017-20cdb2063a)
2017-08-01 00:00:00
redhatcve
redhatcve
CVE-2016-9962
2017-01-13 20:41:59
CVE-2020-14300
2020-06-23 19:26:46
nvd
nvd
CVE-2016-9962
2017-01-31 22:59:01
CVE-2020-14300
2020-07-13 22:15:12
archlinux
archlinux
[ASA-201805-11] runc: privilege escalation
2018-05-16 00:00:00
[ASA-201701-19] docker: privilege escalation
2017-01-13 00:00:00
threatpost
threatpost
Docker Patches Privilege Escalation Vulnerability
2017-01-18 14:26:35
debiancve
debiancve
CVE-2016-9962
2017-01-31 22:59:01
CVE-2020-14300
2020-07-13 22:15:12
gentoo
gentoo
runC: Privilege escalation
2017-01-12 00:00:00
amazon
amazon
Important: docker
2017-01-10 18:00:00
mageia
mageia
Updated docker packages fix security vulnerability
2017-06-28 13:01:20
osv
osv
Information Exposure in RunC
2021-12-20 18:21:43
CVE-2020-14300
2020-07-13 22:15:12
github
github
Information Exposure in RunC
2021-12-20 18:21:43
prion
prion
Design/Logic Flaw
2017-01-31 22:59:00
Code injection
2020-07-13 22:15:00
veracode
veracode
Information Disclosure
2019-01-15 09:15:26
Information Disclosure
2020-06-24 03:08:12
ibm
ibm
Security Bulletin: Vulnerabilities in docker affect PowerKVM
2018-09-26 17:55:02
oraclelinux
oraclelinux
runc security update
2019-02-11 00:00:00
docker-engine docker-engine-selinux security and bugfix update
2017-01-13 00:00:00
container-tools:1.0 security update
2021-03-05 00:00:00