runc

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	CLI tool for managing OCI compliant containers
Version	1.2.1-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2707	1.1.1-1	1.1.2-1	Low	Not affected
AVG-2599	1.0.2-2	1.0.3-1	Low	Fixed
AVG-1972	1.0.0rc94-1	1.0.0rc95-1	High	Fixed
AVG-878	1.0.0rc5+168+g079817cc-1	1.0.0rc6-1	High	Fixed
AVG-134	0.1.1-4	1.0.0rc5+19+g69663f0b-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2022-29162	AVG-2707	Low	No	Incorrect calculation	A non-exploitable security flaw was found in runc resulting in an atypical Linux environment inside containers.
CVE-2021-43784	AVG-2599	Low	Yes	Arbitrary code execution	In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code (responsible...
CVE-2021-30465	AVG-1972	High	No	Sandbox escape	runc 1.0.0-rc94 and earlier are vulnerable to a symlink exchange attack where an attacker with the ability to start containers using a custom volume...
CVE-2019-5736	AVG-878	High	Yes	Privilege escalation	A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary...
CVE-2016-9962	AVG-134	High	No	Privilege escalation	The runc component used by `docker exec` feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows...

Advisories

Date	Advisory	Group	Severity	Type
25 May 2021	ASA-202105-17	AVG-1972	High	sandbox escape
11 Feb 2019	ASA-201902-6	AVG-878	High	privilege escalation
16 May 2018	ASA-201805-11	AVG-134	High	privilege escalation