CVE-2021-30465

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-30465
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-30465.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-30465
Aliases
Downstream
Related
Published
2021-05-27T13:15:08.077Z
Modified
2026-02-08T22:31:53.360035Z
Severity
  • 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

References

Affected packages

Git / github.com/opencontainers/runc

Affected ranges

Type
GIT
Repo
https://github.com/opencontainers/runc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
04f275d4601ca7e5ff9460cec7f65e8dd15443ec
Last affected
12644e614e25b05da6fd08a38ffa0cfe1903fdec
Last affected
24a3cf88a7ae5f4995f6750654c0e2ca61ef4bb2
Last affected
2c7861bc5e1b3e756392236553ec14a78a09f8bf
Last affected
2e7cfe036e2c6dc51ccca6eb7fa3ee6b63976dcd
Last affected
425e105d5a03fabd737a126ad93d62a9eeede87f
Last affected
4fc53a81fb7c994640722ac585fa9ca548971871
Last affected
69ae5da6afdcaaf38285a10b36f362e41cb298d6
Last affected
75f8da7c889acc4509a0cf6f0d3a8f9584778375
Last affected
baf6536d6259209c3edfa2b22237af82942d3dfa
Last affected
c91b5bea4830a57eac7882d7455d59518cdf70ec
Last affected
ccb5efd37fb7c86364786e9137e22948751de7ed
Last affected
d736ef14f0288d6993a1845745d6756cfc9ddd5a
Last affected
dc9208a3303feef5b3839f4323d9beb36df0a9dd
Last affected
ff819c7e9184c13b7c2607fe6c30ae19403a7aff

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1
v1.*
v1.0.0-rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-30465.json"