reports/GO-2021-0070.yaml - vulndb - Git at Google

 module: github.com/opencontainers/runc
 package: github.com/opencontainers/runc/libcontainer/user
 versions:
   - fixed: v0.1.0
 description: |
     GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
     improperly interpret numeric UIDs as usernames. If the method is used without
     verifying that usernames are formatted as expected, it may allow a user to
     gain unexpected privileges.
 cves:
   - CVE-2016-3697
 symbols:
   - GetExecUser
 derived_symbols:
   - GetExecUserPath
 links:
     pr: https://github.com/opencontainers/runc/pull/708
     commit: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091
     context:
       - https://github.com/docker/docker/issues/21436
       - http://rhn.redhat.com/errata/RHSA-2016-1034.html
       - http://rhn.redhat.com/errata/RHSA-2016-2634.html
       - https://security.gentoo.org/glsa/201612-28
	module: github.com/opencontainers/runc
	package: github.com/opencontainers/runc/libcontainer/user
	versions:
	- fixed: v0.1.0
	description: \|
	GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
	improperly interpret numeric UIDs as usernames. If the method is used without
	verifying that usernames are formatted as expected, it may allow a user to
	gain unexpected privileges.
	cves:
	- CVE-2016-3697
	symbols:
	- GetExecUser
	derived_symbols:
	- GetExecUserPath
	links:
	pr: https://github.com/opencontainers/runc/pull/708
	commit: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091
	context:
	- https://github.com/docker/docker/issues/21436
	- http://rhn.redhat.com/errata/RHSA-2016-1034.html
	- http://rhn.redhat.com/errata/RHSA-2016-2634.html
	- https://security.gentoo.org/glsa/201612-28