CVE-2019-16884

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-16884
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16884.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-16884
Aliases
Downstream
Related
Published
2019-09-25T18:15:13.057Z
Modified
2026-02-06T04:10:59.114288Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

References

Affected packages

Git
github.com/docker/docker

Affected ranges

Type
GIT
Repo
https://github.com/docker/docker
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8293a0d53350b9ebb584988efe3096c313a13ad4
Last affected
ed20165a37b40ff1cfbe55e218344c5e89f30ee2

Affected versions

0.*
0.0.3
upstream/0.*
upstream/0.1.1
upstream/0.1.2
upstream/0.1.3
upstream/0.1.4
v0.*
v0.1.0
v0.1.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16884.json"
github.com/docker/docker-ce

Affected ranges

Type
GIT
Repo
https://github.com/docker/docker-ce
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6a30dfca03664a0b6bf0646a7d389ee7d0318e6e

Affected versions

v19.*
v19.03.0
v19.03.0-beta1
v19.03.0-beta2
v19.03.0-beta3
v19.03.0-beta4
v19.03.0-beta5
v19.03.0-rc2
v19.03.0-rc3
v19.03.1
v19.03.2
v19.03.2-beta1
v19.03.2-rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16884.json"
github.com/opencontainers/runc

Affected ranges

Type
GIT
Repo
https://github.com/opencontainers/runc
Events
Last affected
04f275d4601ca7e5ff9460cec7f65e8dd15443ec
Last affected
2e7cfe036e2c6dc51ccca6eb7fa3ee6b63976dcd
Last affected
425e105d5a03fabd737a126ad93d62a9eeede87f
Last affected
4fc53a81fb7c994640722ac585fa9ca548971871
Last affected
69ae5da6afdcaaf38285a10b36f362e41cb298d6
Last affected
75f8da7c889acc4509a0cf6f0d3a8f9584778375
Introduced
2598484b97994f61781e4f40b9782e0809e4e2c2
Last affected
baf6536d6259209c3edfa2b22237af82942d3dfa
Last affected
c91b5bea4830a57eac7882d7455d59518cdf70ec
Last affected
ccb5efd37fb7c86364786e9137e22948751de7ed

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1
v1.*
v1.0.0-rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16884.json"