Homepage

runc vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the runc package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
Incorrect Authorization

*
  • L
Incorrect Authorization

*
  • L
Incorrect Authorization

*
  • L
Incorrect Authorization

*
  • H
Information Exposure

<4:1.1.12-1.el9_3
  • M
Information Exposure

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Authentication Bypass by Primary Weakness

<4:1.1.9-1.el9
  • M
Path Equivalence

<4:1.1.9-1.el9
  • M
Incorrect Default Permissions

<4:1.1.9-1.el9
  • M
Resource Exhaustion

<4:1.1.9-1.el9
  • M
Integer Overflow or Wraparound

<4:1.1.9-1.el9
  • M
Allocation of Resources Without Limits or Throttling

<4:1.1.9-2.el9_3
  • M
CVE-2023-39321

<4:1.1.9-2.el9_3
  • M
Resource Exhaustion

<4:1.1.9-2.el9_3
  • M
Information Exposure

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • H
Information Exposure

<4:1.1.12-1.el9_3
  • M
Allocation of Resources Without Limits or Throttling

<4:1.1.9-2.el9_3
  • M
CVE-2023-39321

<4:1.1.9-2.el9_3
  • M
Resource Exhaustion

<4:1.1.9-2.el9_3
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<4:1.1.13-4.el9
  • M
Authentication Bypass by Primary Weakness

<4:1.1.9-1.el9
  • M
Path Equivalence

<4:1.1.9-1.el9
  • M
Incorrect Default Permissions

<4:1.1.9-1.el9
  • M
Resource Exhaustion

<4:1.1.9-1.el9
  • M
Integer Overflow or Wraparound

<4:1.1.9-1.el9
  • M
Information Exposure

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Allocation of Resources Without Limits or Throttling

<4:1.1.9-2.el9_3
  • M
CVE-2023-39321

<4:1.1.9-2.el9_3
  • M
Resource Exhaustion

<4:1.1.9-2.el9_3
  • H
Information Exposure

<4:1.1.12-1.el9_3
  • M
Authentication Bypass by Primary Weakness

<4:1.1.9-1.el9
  • M
Path Equivalence

<4:1.1.9-1.el9
  • M
Incorrect Default Permissions

<4:1.1.9-1.el9
  • M
Resource Exhaustion

<4:1.1.9-1.el9
  • M
Integer Overflow or Wraparound

<4:1.1.9-1.el9
  • M
Improper Input Validation

<4:1.1.12-4.el9_4
  • M
Improper Input Validation

<4:1.1.12-4.el9_4
  • M
Improper Input Validation

<4:1.1.12-4.el9_4
  • H
Memory Leak

<4:1.1.12-3.el9_4
  • H
Memory Leak

<4:1.1.12-3.el9_4
  • H
Memory Leak

<4:1.1.12-3.el9_4
  • M
Information Exposure

*
  • L
Improper Verification of Cryptographic Signature

*
  • L
Improper Verification of Cryptographic Signature

*
  • M
Use of Uninitialized Variable

*
  • M
Use of Uninitialized Variable

*
  • M
Use of Uninitialized Variable

*
  • M
Improper Input Validation

<4:1.1.12-4.el9_4
  • L
Directory Traversal

*
  • H
Memory Leak

<4:1.1.12-3.el9_4
  • M
Information Exposure

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • H
Information Exposure

<4:1.1.12-1.el9_3
  • M
Authentication Bypass by Primary Weakness

<4:1.1.9-1.el9
  • M
Path Equivalence

<4:1.1.9-1.el9
  • M
Incorrect Default Permissions

<4:1.1.9-1.el9
  • M
Resource Exhaustion

<4:1.1.9-1.el9
  • M
Integer Overflow or Wraparound

<4:1.1.9-1.el9
  • L
Incorrect Default Permissions

<4:1.1.4-1.el9
  • M
Allocation of Resources Without Limits or Throttling

<4:1.1.9-2.el9_3
  • M
CVE-2023-39321

<4:1.1.9-2.el9_3
  • M
Resource Exhaustion

<4:1.1.9-2.el9_3
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Improper Validation of Integrity Check Value

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Resource Exhaustion

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Arbitrary Code Injection

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Misinterpretation of Input

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Improper Input Validation

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Information Exposure

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Incorrect Behavior Order

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Improper Validation of Integrity Check Value

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Resource Exhaustion

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Arbitrary Code Injection

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Misinterpretation of Input

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Improper Input Validation

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Improper Input Validation

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Information Exposure

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Incorrect Behavior Order

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Cross-site Scripting (XSS)

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Cross-site Scripting (XSS)

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Cross-site Scripting (XSS)

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Use of a Broken or Risky Cryptographic Algorithm

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Use After Free

<4:1.1.9-2.1.rhaos4.14.el9
  • H
CVE-2023-2728

<4:1.1.9-2.1.rhaos4.14.el9
  • H
CVE-2023-2727

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Cross-site Scripting (XSS)

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Allocation of Resources Without Limits or Throttling

<4:1.1.9-2.1.rhaos4.14.el9
  • H
CVE-2023-39321

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Cross-site Scripting (XSS)

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Cross-site Scripting (XSS)

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Use of a Broken or Risky Cryptographic Algorithm

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Use After Free

<4:1.1.9-2.1.rhaos4.14.el9
  • H
CVE-2023-2728

<4:1.1.9-2.1.rhaos4.14.el9
  • H
CVE-2023-2727

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • H
Resource Exhaustion

<4:1.1.12-1.2.rhaos4.14.el9
  • H
Memory Leak

<4:1.1.12-1.1.rhaos4.13.el9
  • H
Memory Leak

<4:1.1.12-1.2.rhaos4.14.el9
  • H
Resource Exhaustion

<4:1.1.12-1.2.rhaos4.14.el9
  • H
Improper Handling of Highly Compressed Data (Data Amplification)

<4:1.1.12-1.1.rhaos4.15.el9
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<4:1.1.12-1.1.rhaos4.15.el9
  • H
Memory Leak

<4:1.1.12-1.1.rhaos4.15.el9
  • H
Memory Leak

<4:1.1.12-3.el9_4
  • H
Memory Leak

<4:1.1.12-1.2.rhaos4.14.el9
  • M
Improper Input Validation

*
  • H
Improper Input Validation

<4:1.1.12-3.1.rhaos4.16.el9
  • H
Truncation of Security-relevant Information

<4:1.1.12-1.rhaos4.15.el9
  • H
Information Exposure

<4:1.1.12-1.rhaos4.15.el9
  • H
Resource Exhaustion

<4:1.1.12-1.rhaos4.15.el9
  • H
Resource Exhaustion

<4:1.1.12-1.rhaos4.15.el9
  • H
Information Exposure

<4:1.1.12-1.el9_2
  • H
Information Exposure

<4:1.1.12-1.el9_2
  • H
Information Exposure

<4:1.1.12-1.el9_2
  • H
Information Exposure

<4:1.1.12-1.el9_0
  • H
Information Exposure

<4:1.1.12-1.el9_0
  • M
Information Exposure

<4:1.1.12-1.rhaos4.13.el9
  • M
Information Exposure

<4:1.1.12-1.rhaos4.14.el9
  • M
Information Exposure

<4:1.1.12-1.rhaos4.14.el9
  • H
Information Exposure

<4:1.1.12-1.el9_3
  • M
Information Exposure

<4:1.1.12-2.el9
  • M
CVE-2023-39321

<4:1.1.9-2.el9_3
  • H
CVE-2023-39321

<4:1.1.9-2.1.rhaos4.14.el9
  • H
Allocation of Resources Without Limits or Throttling

<4:1.1.9-2.1.rhaos4.14.el9
  • M
Allocation of Resources Without Limits or Throttling

<4:1.1.9-2.el9_3
  • M
Resource Exhaustion

<4:1.1.9-2.el9_3
  • H
Resource Exhaustion

<4:1.1.9-2.1.rhaos4.14.el9
  • M
Incorrect Default Permissions

*
  • M
Incorrect Default Permissions

<4:1.1.9-1.el9
  • M
Authentication Bypass by Primary Weakness

<4:1.1.9-1.el9
  • M
Resource Exhaustion

<4:1.1.9-1.el9
  • M
Path Equivalence

<4:1.1.9-1.el9
  • M
CVE-2022-41715

*
  • M
CVE-2022-41715

*
  • M
Directory Traversal

*
  • L
Resource Exhaustion

*
  • L
Resource Exhaustion

*
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

*
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • M
Improperly Controlled Sequential Memory Allocation

<4:1.1.12-2.el9
  • L
Incorrect Default Permissions

<4:1.1.4-1.el9
  • L
Incorrect Default Permissions

<4:1.1.4-1.el9
  • L
Incorrect Default Permissions

*
  • L
Incorrect Default Permissions

<4:1.1.4-1.el9
  • L
Incorrect Default Permissions

<4:1.1.4-1.el9
  • L
Insufficient Entropy

*
  • L
Insufficient Entropy

*
  • M
Integer Overflow or Wraparound

*
  • M
Buffer Overflow

*
  • M
Resource Exhaustion

*
  • M
Unchecked Return Value

*
  • M
Incorrect Authorization

*
  • M
Integer Overflow or Wraparound

*
  • M
Information Exposure

*
  • M
Integer Overflow or Wraparound

<4:1.1.9-1.el9
  • H
Time-of-check Time-of-use (TOCTOU)

*
  • M
Path Equivalence

*
  • M
Path Equivalence

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Improper Input Validation

*