blob: 0b5c5c18ba135efc6038963218649b92f9d481a2 [file] [log] [blame]
packages:
- module: github.com/opencontainers/runc
package: github.com/opencontainers/runc/libcontainer/user
symbols:
- GetExecUser
derived_symbols:
- GetExecUserPath
versions:
- fixed: 0.1.0
description: |
GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
improperly interpret numeric UIDs as usernames. If the method is used without
verifying that usernames are formatted as expected, it may allow a user to
gain unexpected privileges.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2016-3697
ghsas:
- GHSA-q3j5-32m5-58c2
links:
pr: https://github.com/opencontainers/runc/pull/708
commit: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091
context:
- https://github.com/docker/docker/issues/21436
- http://rhn.redhat.com/errata/RHSA-2016-1034.html
- http://rhn.redhat.com/errata/RHSA-2016-2634.html
- https://security.gentoo.org/glsa/201612-28