| id: GO-2021-0070 |
| modules: |
| - module: github.com/opencontainers/runc |
| versions: |
| - fixed: 0.1.0 |
| vulnerable_at: 0.0.9 |
| packages: |
| - package: github.com/opencontainers/runc/libcontainer/user |
| symbols: |
| - GetExecUser |
| derived_symbols: |
| - GetExecUserPath |
| summary: Privilege escalation in github.com/opencontainers/runc |
| description: |- |
| GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will |
| improperly interpret numeric UIDs as usernames. If the method is used without |
| verifying that usernames are formatted as expected, it may allow a user to gain |
| unexpected privileges. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2016-3697 |
| ghsas: |
| - GHSA-q3j5-32m5-58c2 |
| references: |
| - fix: https://github.com/opencontainers/runc/pull/708 |
| - fix: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 |
| - web: https://github.com/docker/docker/issues/21436 |
| - web: http://rhn.redhat.com/errata/RHSA-2016-1034.html |
| - web: http://rhn.redhat.com/errata/RHSA-2016-2634.html |
| - web: https://security.gentoo.org/glsa/201612-28 |
| review_status: REVIEWED |