<p>Upgrade <code>github.com/opencontainers/runc/libcontainer</code> to version 1.0.0-rc7 or higher.</p>

libcontainer package, versions <1.0.0-rc7

Snyk CVSS

Attack Complexity Low

User Interaction Required

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Mature

EPSS 0.42% (75^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-GOLANG-GITHUBCOMOPENCONTAINERSRUNCLIBCONTAINER-6186508
published 24 Jan 2024
disclosed 11 Feb 2019
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 11 Feb 2019

CVE-2019-5736 Open this link in a new tab CWE-78 Open this link in a new tab

How to fix?

Upgrade github.com/opencontainers/runc/libcontainer to version 1.0.0-rc7 or higher.

Overview

github.com/opencontainers/runc/libcontainer is a package for a modern container runtime.

Affected versions of this package are vulnerable to Command Injection runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.