reports/GO-2021-0070.toml - vuln - Git at Google

 module = "github.com/opencontainers/runc"
 package = "github.com/opencontainers/runc/libcontainer/user"

 description = """
 GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
 improperly interpred numeric UIDs as usernames. If the method is used without
 verify usernames are formatted as expected, it may allow a user to gain unexpected
 privileges.
 """

 cve = "CVE-2016-3697"

 symbols = ["GetExecUser"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v0.1.0"

 [links]
 commit = "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091"
 pr = "https://github.com/opencontainers/runc/pull/708"
 context = [
     "https://github.com/docker/docker/issues/21436",
     "http://rhn.redhat.com/errata/RHSA-2016-1034.html",
     "http://rhn.redhat.com/errata/RHSA-2016-2634.html",
     "https://security.gentoo.org/glsa/201612-28"
 ]
	module = "github.com/opencontainers/runc"
	package = "github.com/opencontainers/runc/libcontainer/user"

	description = """
	GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
	improperly interpred numeric UIDs as usernames. If the method is used without
	verify usernames are formatted as expected, it may allow a user to gain unexpected
	privileges.
	"""

	cve = "CVE-2016-3697"

	symbols = ["GetExecUser"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v0.1.0"

	[links]
	commit = "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091"
	pr = "https://github.com/opencontainers/runc/pull/708"
	context = [
	"https://github.com/docker/docker/issues/21436",
	"http://rhn.redhat.com/errata/RHSA-2016-1034.html",
	"http://rhn.redhat.com/errata/RHSA-2016-2634.html",
	"https://security.gentoo.org/glsa/201612-28"
	]