data/reports/GO-2022-0274.yaml

id: GO-2022-0274
modules:
    - module: github.com/opencontainers/runc
      versions:
        - introduced: 1.0.1-0.20211012131345-9c444070ec7b
          fixed: 1.1.0
      vulnerable_at: 1.0.1-0.20211012131345-9c444070ec7b
      packages:
        - package: github.com/opencontainers/runc/libcontainer
          symbols:
            - Bytemsg.Serialize
          derived_symbols:
            - LinuxFactory.StartInitialization
            - linuxContainer.Run
            - linuxContainer.Start
            - linuxStandardInit.Init
summary: Namespace restriction bypass in github.com/opencontainers/runc
description: |-
    An attacker with partial control over the bind mount sources of a new container
    can bypass namespace restrictions.
published: 2022-07-15T23:08:20Z
cves:
    - CVE-2021-43784
ghsas:
    - GHSA-v95c-p5hm-xq8f
references:
    - fix: https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
    - web: https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77
    - web: https://bugs.chromium.org/p/project-zero/issues/detail?id=2241