CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Published: Feb 11, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5736
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
docker / docker	-	18.09.2
linuxfoundation / runc	1.0.0-rc6	1.0.0-rc6.x
linuxfoundation / runc	1.0.0-rc5	1.0.0-rc5.x
linuxfoundation / runc	1.0.0-rc4	1.0.0-rc4.x
linuxfoundation / runc	1.0.0-rc3	1.0.0-rc3.x
linuxfoundation / runc	1.0.0-rc2	1.0.0-rc2.x
linuxfoundation / runc	1.0.0-rc1	1.0.0-rc1.x
linuxfoundation / runc	-	0.1.1.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / openshift	3.4	3.4.x
redhat / openshift	3.7	3.7.x
redhat / openshift	3.6	3.6.x
redhat / openshift	3.5	3.5.x
redhat / enterprise_linux	8.0	8.0.x
redhat / container_development_kit	3.7	3.7.x
linuxcontainers / lxc	-	3.2.0
apache / mesos	1.4.0	1.4.3
apache / mesos	1.6.0	1.6.2
apache / mesos	1.7.0	1.7.2
apache / mesos	1.5.0	1.5.3
opensuse / leap	42.3	42.3.x
opensuse / leap	15.0	15.0.x
opensuse / leap	15.1	15.1.x
opensuse / backports_sle	15.0-sp1	15.0-sp1.x
opensuse / backports_sle	15.0	15.0.x
d2iq / kubernetes_engine	-	2.2.0-1.13.3
d2iq / dc/os	-	1.10.10
d2iq / dc/os	1.10.11	1.11.9
d2iq / dc/os	1.11.10	1.12.1
fedoraproject / fedora	29	29.x
fedoraproject / fedora	30	30.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	18.10	18.10.x
canonical / ubuntu_linux	19.04	19.04.x
microfocus / service_management_automation	2018.05	2018.05.x
microfocus / service_management_automation	2018.02	2018.02.x
microfocus / service_management_automation	2018.08	2018.08.x
microfocus / service_management_automation	2018.11	2018.11.x

Vulnerability Database

289,599

CVE-2019-5736