Runc
CVE-2021-30465
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
AnalysisAI
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.
Technical ContextAI
This vulnerability is classified under CWE-362. runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. Affected products include: Linuxfoundation Runc, Fedoraproject Fedora. Version information: before 1.0.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Alpine Linux: runc fixed in 1.1.12-r0
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 8.4
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass beca
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linu
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated medium severity (CVSS 6
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated medium severit
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a po
runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.8
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated high severity
Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severi
Same weakness CWE-362 – Race Condition
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today