HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2019-5736

CVSS 8.6v3.1pub. 2019-02-11upd. 2024-11-21

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Apache Mesos

    APP
    Apache
    1.4.0 – 1.4.3 (bez)1.7.0 – 1.7.2 (bez)1.6.0 – 1.6.2 (bez)1.5.0 – 1.5.3 (bez)
  • Canonical Ubuntu

    OS
    Canonical
    16.0418.0418.1019.04
  • D2iq Dc\/os

    OS
    D2Iq
    1.10.11 – 1.11.9 (bez)< 1.10.101.11.10 – 1.12.1 (bez)
  • D2iq Kubernetes Engine

    APP
    D2Iq
    < 2.2.0-1.13.3
  • Docker

    APP
    Docker
    < 18.09.2
  • Fedora Project Fedora

    OS
    Fedoraproject
    2930
  • Google Kubernetes Engine

    APP
    Google
    wszystkie wersje
  • HP Onesphere

    APP
    Hp
    wszystkie wersje
  • Linuxcontainers Lxc

    APP
    Linuxcontainers
    < 3.2.0
  • Linuxfoundation Runc

    APP
    Linuxfoundation
    1.0.0≤ 0.1.1
  • Microfocus Service Management Automation

    APP
    Microfocus
    2018.022018.052018.082018.11
  • Netapp Hci Management Node

    APP
    Netapp
    wszystkie wersje
  • Netapp Solidfire

    APP
    Netapp
    wszystkie wersje
  • Opensuse Backports Sle

    APP
    Opensuse
    15.0
  • Opensuse Leap

    OS
    Opensuse
    15.015.142.3
  • Red Hat Container Development Kit

    APP
    Redhat
    3.7
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    7.0
  • Red Hat Openshift

    APP
    Redhat
    3.43.53.63.7
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
ContainerCommand Injection
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox