runc vulnerabilities

Known vulnerabilities in the runc package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Use of Uninitialized Variable	*
L Directory Traversal	*
L Directory Traversal	*
L Directory Traversal	*
H Memory Leak	*
M Improper Input Validation	*
H Information Exposure	<0:1.0.0-70.rc10.el7_9
H Information Exposure	*
M Information Exposure	*
M CVE-2023-39321	*
M Allocation of Resources Without Limits or Throttling	*
M Resource Exhaustion	*
M Directory Traversal	*
M Incorrect Default Permissions	*
M Incorrect Default Permissions	*
M Incorrect Default Permissions	*
M Incorrect Default Permissions	*
M Authentication Bypass by Primary Weakness	*
M Authentication Bypass by Primary Weakness	*
M Authentication Bypass by Primary Weakness	*
M Improper Input Validation	<0:1.0.0-24.rc4.dev.gitc6e4a1e.el7
M Improper Authorization	<0:1.0.0-24.rc4.dev.gitc6e4a1e.el7
M Race Condition	<0:1.0.0-1.rc2.el7
M Improper Input Validation	<0:1.0.0-95.rhaos4.8.gitcd80260.el7
M Improper Input Validation	<0:1.0.0-95.rhaos4.8.gitcd80260.el7
M Improper Output Neutralization for Logs	<0:1.0.0-81.rhaos4.6.git5b757d4.el7
M Improper Validation of Certificate with Host Mismatch	<0:1.0.0-81.rhaos4.6.git5b757d4.el7
M Missing Authorization	<0:1.0.0-81.rhaos4.6.git5b757d4.el7
M Directory Traversal	<0:1.0.0-81.rhaos4.6.git5b757d4.el7
M Insufficiently Protected Credentials	<0:1.0.0-81.rhaos4.6.git5b757d4.el7
M Resource Exhaustion	*
M Path Equivalence	*
M Path Equivalence	*
M Path Equivalence	*
M Path Equivalence	*
M CVE-2022-41715	*
M Directory Traversal	*
L Resource Exhaustion	*
M Improperly Controlled Sequential Memory Allocation	*
L Incorrect Default Permissions	*
L Incorrect Default Permissions	*
L Incorrect Default Permissions	*
L Incorrect Default Permissions	*
L Insufficient Entropy	*
M Integer Overflow or Wraparound	*
M Information Exposure	*
L Integer Overflow or Wraparound	*
H Time-of-check Time-of-use (TOCTOU)	<0:1.0.0-69.rc10.el7_9
H Time-of-check Time-of-use (TOCTOU)	<0:1.0.0-87.rhaos4.6.git23384e2.el7
H Time-of-check Time-of-use (TOCTOU)	<0:1.0.0-69.rc10.el7_9
H Time-of-check Time-of-use (TOCTOU)	<0:1.0.0-74.rhaos4.5.gitd2c3b70.el7
H Time-of-check Time-of-use (TOCTOU)	<0:1.0.0-96.rhaos4.8.gitcd80260.el7
M Improper Cross-boundary Removal of Sensitive Data	<0:1.0.0-81.rhaos4.6.git5b757d4.el7
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:1.0.0-81.rhaos4.6.git5b757d4.el7
M Path Equivalence	<0:1.0.0-66.rc10.rhaos4.3.el7_8
M Path Equivalence	<0:1.0.0-66.rc8.el7_7
M Path Equivalence	*
M Path Equivalence	*
M Path Equivalence	<0:1.0.0-67.rc10.el7_8
M Incorrect Calculation	<0:1.0.0-95.rhaos4.8.gitcd80260.el7
M Improper Certificate Validation	<0:1.0.0-95.rhaos4.8.gitcd80260.el7
M Race Condition	<0:1.0.0-81.rhaos4.6.git5b757d4.el7
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:1.0.0-81.rhaos4.6.git5b757d4.el7
H Operation on a Resource after Expiration or Release	*
H Operation on a Resource after Expiration or Release	<0:1.0.0-59.dev.git2abd837.el7
M Information Exposure	<0:1.0.0-95.rhaos4.8.gitcd80260.el7
M Resource Exhaustion	<0:1.0.0-95.rhaos4.8.gitcd80260.el7

Vulnerability

Vulnerable Version

Use of Uninitialized Variable