Descriptionlibcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus (PTS)buster, buster (security)18.09.1+dfsg1-7.1+deb10u3fixed
bookworm, sid, bullseye20.10.5+dfsg1-1fixed
runc (PTS)stretch0.1.1+dfsg1-2+deb9u1fixed
stretch (security)0.1.1+dfsg1-2+deb9u2fixed
bookworm, sid1.0.2+ds1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
docker.iosource(unstable)(not affected)


- <not-affected> (Vulnerable code not present)
Affected file not present, but probably needs to be rebuild with fixed runc (runc, v0.1.0) (docker)

Search for package or bug name: Reporting problems