CVE-2019-5736
Public on 2019-02-08
Modified on 2019-02-11
Description
A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | docker | 2019-02-08 | ALAS-2019-1156 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.7 | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
| NVD | CVSSv3 | 8.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| NVD | CVSSv2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |