Skip to main content

Runc CVE-2021-43784

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2021-12-06 security-advisories@github.com
5.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Dec 06, 2021 - 18:15 nvd
MEDIUM 5.0

DescriptionNVD

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.

AnalysisAI

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug. Affected products include: Linuxfoundation Runc, Debian Debian Linux. Version information: prior to 1.0.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More in Runc

View all
CVE-2024-21626 HIGH POC
8.6

Alpine Linux: runc fixed in 1.1.12-r0

CVE-2025-52565 HIGH POC
8.4 Nov 06

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 8.4

CVE-2019-16884 HIGH POC
7.5 Sep 25

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass beca

CVE-2025-52881 HIGH POC
7.3 Nov 06

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3

CVE-2025-31133 HIGH POC
7.3 Nov 06

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3

CVE-2023-27561 HIGH POC
7.0 Mar 03

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linu

CVE-2023-25809 MEDIUM POC
6.3 Mar 29

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated medium severity (CVSS 6

CVE-2021-30465 HIGH
8.5 May 27

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. Rated high severity (CVSS 8.5), t

CVE-2016-3697 HIGH
7.8 Jun 01

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a po

CVE-2023-28642 HIGH
7.8 Mar 29

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.8

CVE-2022-29162 HIGH
7.8 May 17

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated high severity

CVE-2022-24769 MEDIUM
5.9 Mar 24

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severi

Share

CVE-2021-43784 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy