Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vkba-amt4-m7e6

Summary

Privilege Elevation in runc
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

Aliases

alias	CVE-2016-3697

alias	GHSA-q3j5-32m5-58c2

Fixed_packages

url	pkg:deb/debian/docker.io@0?distro=trixie
purl	pkg:deb/debian/docker.io@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie

url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sky-21r5-3qcu

vulnerability	VCID-6tg9-3vhh-muae

vulnerability	VCID-8e1u-z6kg-ryhc

vulnerability	VCID-avqu-wswg-c3ga

vulnerability	VCID-b2qe-8u58-2qck

vulnerability	VCID-bzeb-kj67-vfds

vulnerability	VCID-e82r-vc77-f7bz

vulnerability	VCID-njcw-wc13-dqcz

vulnerability	VCID-quyf-eq2s-dbda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sky-21r5-3qcu

vulnerability	VCID-6tg9-3vhh-muae

vulnerability	VCID-8e1u-z6kg-ryhc

vulnerability	VCID-b2qe-8u58-2qck

vulnerability	VCID-njcw-wc13-dqcz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie
purl	pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie

url	pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie
purl	pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie

url	pkg:deb/debian/runc@0.1.0%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/runc@0.1.0%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@0.1.0%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/runc@1.0.0~rc93%2Bds1-5%2Bdeb11u5?distro=trixie

purl pkg:deb/debian/runc@1.0.0~rc93%2Bds1-5%2Bdeb11u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mt76-ah1b-s3gc

vulnerability	VCID-vk37-s4p6-fufm

vulnerability	VCID-wxsf-mu1t-aqa4

vulnerability	VCID-x2zb-mehm-ebge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.0~rc93%252Bds1-5%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/runc@1.1.5%2Bds1-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/runc@1.1.5%2Bds1-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mt76-ah1b-s3gc

vulnerability	VCID-vk37-s4p6-fufm

vulnerability	VCID-wxsf-mu1t-aqa4

vulnerability	VCID-x2zb-mehm-ebge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.1.5%252Bds1-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/runc@1.1.15%2Bds1-2?distro=trixie

purl pkg:deb/debian/runc@1.1.15%2Bds1-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mt76-ah1b-s3gc

vulnerability	VCID-vk37-s4p6-fufm

vulnerability	VCID-wxsf-mu1t-aqa4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.1.15%252Bds1-2%3Fdistro=trixie

url	pkg:deb/debian/runc@1.3.5%2Bds1-1?distro=trixie
purl	pkg:deb/debian/runc@1.3.5%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.3.5%252Bds1-1%3Fdistro=trixie

url	pkg:ebuild/app-emulation/docker@1.11.0
purl	pkg:ebuild/app-emulation/docker@1.11.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/docker@1.11.0

url	pkg:golang/github.com/opencontainers/runc@0.1.0
purl	pkg:golang/github.com/opencontainers/runc@0.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/opencontainers/runc@0.1.0

Affected_packages

url pkg:rpm/redhat/docker@1.9.1-40?arch=el7

purl pkg:rpm/redhat/docker@1.9.1-40?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vkba-amt4-m7e6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/docker@1.9.1-40%3Farch=el7

url pkg:rpm/redhat/docker@1.10.3-57?arch=el7

purl pkg:rpm/redhat/docker@1.10.3-57?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vkba-amt4-m7e6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/docker@1.10.3-57%3Farch=el7

References

reference_url	http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1034.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1034.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2634.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2634.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3697.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3697.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3697

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.17796
published_at	2026-04-24T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17976
published_at	2026-04-09T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17916
published_at	2026-04-08T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17828
published_at	2026-04-07T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18127
published_at	2026-04-04T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18073
published_at	2026-04-02T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17912
published_at	2026-04-01T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17888
published_at	2026-04-21T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17852
published_at	2026-04-18T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17842
published_at	2026-04-16T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.179
published_at	2026-04-13T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17949
published_at	2026-04-12T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17993
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3697

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3697
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3697

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/docker/docker/issues/21436

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/docker/docker/issues/21436

reference_url

https://github.com/opencontainers/runc

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/opencontainers/runc

reference_url

https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091

reference_url

https://github.com/opencontainers/runc/pull/708

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/opencontainers/runc/pull/708

reference_url

https://github.com/opencontainers/runc/releases/tag/v0.1.0

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/opencontainers/runc/releases/tag/v0.1.0

reference_url

https://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3697

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:N

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3697

reference_url

https://pkg.go.dev/vuln/GO-2021-0070

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2021-0070

reference_url

https://rhn.redhat.com/errata/RHSA-2016-1034.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2016-1034.html

reference_url

https://rhn.redhat.com/errata/RHSA-2016-2634.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2016-2634.html

reference_url

https://security.gentoo.org/glsa/201612-28

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201612-28

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1329450
reference_id	1329450
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1329450

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker::::::::
reference_id	cpe:2.3:a:docker:docker::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc::::::::
reference_id	cpe:2.3:a:linuxfoundation:runc::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://access.redhat.com/errata/RHSA-2016:1034
reference_id	RHSA-2016:1034
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1034

reference_url	https://access.redhat.com/errata/RHSA-2016:2634
reference_id	RHSA-2016:2634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2634

Weaknesses

cwe_id	269
name	Improper Privilege Management
description	The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Exploits

Severity_range_score 2.1 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkba-amt4-m7e6

Vulnerability Instance