{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T17:31:26.184","vulnerabilities":[{"cve":{"id":"CVE-2021-43784","sourceIdentifier":"security-advisories@github.com","published":"2021-12-06T18:15:08.240","lastModified":"2024-11-21T06:29:46.873","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug."},{"lang":"es","value":"runc es una herramienta CLI para generar y ejecutar contenedores en Linux según la especificación OCI. En runc, netlink es usado internamente como un sistema de serialización para especificar la configuración relevante del contenedor a la porción \"C\" del código (responsable de la configuración del espacio de nombres basado en los contenedores). En todas las versiones de runc anteriores a la 1.0.3, el codificador no manejaba la posibilidad de un desbordamiento de enteros en el campo de longitud de 16 bits para el tipo de atributo de matriz de bytes, lo que significaba que un atributo de matriz de bytes suficientemente grande y malicioso podía provocar el desbordamiento de la longitud y que el contenido del atributo fuera analizado como mensajes netlink para la configuración del contenedor. Esta vulnerabilidad requiere que el atacante tenga cierto control sobre la configuración del contenedor y le permitiría saltarse las restricciones de espacio de nombres del contenedor simplemente añadiendo su propia carga útil de netlink que deshabilita todos los espacios de nombres. Los principales usuarios afectados son aquellos que permiten la ejecución de imágenes no confiables con configuraciones no confiables en sus máquinas (como en el caso de la infraestructura de nube compartida). runc versión 1.0.3 contiene una corrección para este bug. Como solución, puede intentarse deshabilitar las rutas de espacios de nombres no confiables de su contenedor. Tenga en cuenta que las rutas de espacios de nombres no confiables permitirían al atacante deshabilitar las protecciones de espacios de nombres por completo incluso en ausencia de este bug"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.3","matchCriteriaId":"0EDE92EF-36C3-48E0-ADCF-FFAB45F903F2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html","source":"security-advisories@github.com"},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2241","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}