Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2019-18837
An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.
| Software | From | Fixed in |
|---|---|---|
| crun_project / crun | - | 0.10.5 |
| fedoraproject / fedora | 30 | 30.x |
| fedoraproject / fedora | 31 | 31.x |
- https://github.com/containers/crun/pull/173
- https://github.com/containers/crun/releases/tag/0.10.5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTA5SJUAKQUK6HRY2CZVJUIZP5BO3EOG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITB2UNEGHXZUR3ATYHWPSK5LJB36N7AP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTA5SJUAKQUK6HRY2CZVJUIZP5BO3EOG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITB2UNEGHXZUR3ATYHWPSK5LJB36N7AP/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime