data/reports/GO-2022-0274.yaml - vulndb - Git at Google

 modules:
   - module: github.com/opencontainers/runc
     versions:
       - introduced: 1.0.1-0.20211012131345-9c444070ec7b
         fixed: 1.1.0
     vulnerable_at: 1.0.1-0.20211012131345-9c444070ec7b
     packages:
       - package: github.com/opencontainers/runc/libcontainer
         symbols:
           - Bytemsg.Serialize
         derived_symbols:
           - LinuxFactory.StartInitialization
           - linuxContainer.Run
           - linuxContainer.Start
           - linuxStandardInit.Init
 description: |
     An attacker with partial control over the bind mount sources of a new
     container can bypass namespace restrictions.
 published: 2022-07-15T23:08:20Z
 cves:
   - CVE-2021-43784
 ghsas:
   - GHSA-v95c-p5hm-xq8f
 references:
   - fix: https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
   - web: https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77
   - web: https://bugs.chromium.org/p/project-zero/issues/detail?id=2241
	modules:
	- module: github.com/opencontainers/runc
	versions:
	- introduced: 1.0.1-0.20211012131345-9c444070ec7b
	fixed: 1.1.0
	vulnerable_at: 1.0.1-0.20211012131345-9c444070ec7b
	packages:
	- package: github.com/opencontainers/runc/libcontainer
	symbols:
	- Bytemsg.Serialize
	derived_symbols:
	- LinuxFactory.StartInitialization
	- linuxContainer.Run
	- linuxContainer.Start
	- linuxStandardInit.Init
	description: \|
	An attacker with partial control over the bind mount sources of a new
	container can bypass namespace restrictions.
	published: 2022-07-15T23:08:20Z
	cves:
	- CVE-2021-43784
	ghsas:
	- GHSA-v95c-p5hm-xq8f
	references:
	- fix: https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
	- web: https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77
	- web: https://bugs.chromium.org/p/project-zero/issues/detail?id=2241