<p>Upgrade <code>github.com/opencontainers/runc/libcontainer</code> to version 1.0.3 or higher.</p>

libcontainer package, versions <1.0.3

Threat Intelligence

0.82% (83^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-GOLANG-GITHUBCOMOPENCONTAINERSRUNCLIBCONTAINER-2309909
published 6 Dec 2021
disclosed 6 Dec 2021
credit Felix Wilhelm

Report a new vulnerability Found a mistake?

Introduced: 6 Dec 2021

CVE-2021-43784 Open this link in a new tab CWE-119 Open this link in a new tab CWE-120 Open this link in a new tab

How to fix?

Upgrade github.com/opencontainers/runc/libcontainer to version 1.0.3 or higher.

Overview

github.com/opencontainers/runc/libcontainer is a package for a modern container runtime.

Affected versions of this package are vulnerable to Buffer Overflow when writing netlink messages. It is possible to have a byte array larger than UINT16_MAX which would result in the length field overflowing and allowing user-controlled data to be parsed as control characters.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

Low
Integrity (I)

Low
Availability (A)

Low

Buffer Overflow Affecting github.com/opencontainers/runc/libcontainer package, versions <1.0.3

Severity

CVSS assessment made by Snyk's Security Team

Threat Intelligence

Introduced: 6 Dec 2021

How to fix?

Overview

References

CVSS Scores

Snyk

NVD

SUSE

Red Hat