Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37083?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37083?format=api", "vulnerability_id": "VCID-3yvf-q4uj-dbdh", "summary": "Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC\n### Impact\n\nIn runc, [netlink](https://www.man7.org/linux/man-pages/man7/netlink.7.html) is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration.\n\nThis vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces.\n\nPrior to 9c444070ec7bb83995dbc0185da68284da71c554, in practice it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes. The only user-controlled byte array was the namespace paths attributes which can be specified in runc's `config.json`, but as far as we can tell no container runtime gives raw access to that configuration setting -- and having raw access to that setting **would allow the attacker to disable namespace protections entirely anyway** (setting them to `/proc/1/ns/...` for instance). In addition, each namespace path is limited to 4096 bytes (with only 7 namespaces supported by runc at the moment) meaning that even with custom namespace paths it appears an attacker still cannot shove enough bytes into the netlink bytemsg in order to overflow the uint16 counter.\n\nHowever, out of an abundance of caution (given how old this bug is) we decided to treat it as a potentially exploitable vulnerability with a low severity. After 9c444070ec7bb83995dbc0185da68284da71c554 (which was not present in any release of runc prior to the discovery of this bug), all mount paths are included as a giant netlink message which means that this bug becomes significantly more exploitable in more reasonable threat scenarios.\n\nThe main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure), though as mentioned above it appears this bug was not practically exploitable on any released version of runc to date.\n\n### Patches\nThe patch for this is d72d057ba794164c3cce9451a00b72a78b25e1ae and runc 1.0.3 was released with this bug fixed.\n\n### Workarounds\nTo the extent this is exploitable, disallowing untrusted namespace paths in container configuration should eliminate all practical ways of exploiting this bug. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.\n\n### References\n* commit d72d057ba794 (\"runc init: avoid netlink message length overflows\")\n* https://bugs.chromium.org/p/project-zero/issues/detail?id=2241\n\n### Credits\nThanks to Felix Wilhelm from Google Project Zero for discovering and reporting this vulnerability. In particular, the fact they found this vulnerability so quickly, before we made a 1.1 release of runc (which would've been vulnerable) was quite impressive.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [our repo](https://github.com/opencontainers/runc)", "aliases": [ { "alias": "CVE-2021-43784" }, { "alias": "GHSA-v95c-p5hm-xq8f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374717?format=api", "purl": "pkg:alpm/archlinux/runc@1.0.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/runc@1.0.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/392789?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=v3.15&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=v3.15&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/392790?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=v3.15&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=v3.15&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/392791?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=v3.15&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=v3.15&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/392795?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=v3.15&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=v3.15&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/413890?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/413891?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/413892?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/479688?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=v3.16&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/479689?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=v3.16&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/479690?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=v3.16&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/479691?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/503464?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/503465?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/538225?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/538226?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/538227?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/538228?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/538229?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568428?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568429?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568430?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/974443?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/974444?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/974445?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/974446?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=loongarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=loongarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/974447?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/974448?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=riscv64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=riscv64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/974449?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/974450?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/974451?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1012214?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1012215?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1018094?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1018095?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1018096?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1018098?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1018099?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1018100?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1018101?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1018102?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/392792?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=v3.15&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=v3.15&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/392793?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=v3.15&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=v3.15&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/392794?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=v3.15&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=v3.15&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/413893?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=loongarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/413894?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/413895?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/413896?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/413897?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/413898?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/479692?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=v3.16&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/479693?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=v3.16&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/479694?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=v3.16&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/503466?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/503467?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/503468?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=riscv64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=riscv64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/503469?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/503470?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/503471?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/538223?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/538224?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568431?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568432?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568433?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568434?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/961946?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/961947?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/961948?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/961949?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=loongarch64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/961950?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/961951?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=riscv64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=riscv64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/961952?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/961953?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/961954?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=x86_64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=x86_64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1012209?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=aarch64&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=aarch64&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1012210?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armhf&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armhf&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1012211?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=armv7&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=armv7&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1012212?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=ppc64le&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1012213?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=s390x&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=s390x&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1018097?format=api", "purl": "pkg:apk/alpine/runc@1.0.3-r0?arch=loongarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/runc@1.0.3-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/938522?format=api", "purl": "pkg:deb/debian/runc@1.0.0~rc93%2Bds1-5%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.0~rc93%252Bds1-5%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/994646?format=api", "purl": "pkg:deb/debian/runc@1.0.0~rc93%2Bds1-5%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mt76-ah1b-s3gc" }, { "vulnerability": "VCID-vk37-s4p6-fufm" }, { "vulnerability": "VCID-wxsf-mu1t-aqa4" }, { "vulnerability": "VCID-x2zb-mehm-ebge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.0~rc93%252Bds1-5%252Bdeb11u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/938512?format=api", "purl": "pkg:deb/debian/runc@1.0.0~rc93%2Bds1-5%2Bdeb11u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mt76-ah1b-s3gc" }, { "vulnerability": "VCID-vk37-s4p6-fufm" }, { "vulnerability": "VCID-wxsf-mu1t-aqa4" }, { "vulnerability": "VCID-x2zb-mehm-ebge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.0~rc93%252Bds1-5%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938521?format=api", "purl": "pkg:deb/debian/runc@1.0.3%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.3%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938510?format=api", "purl": "pkg:deb/debian/runc@1.1.5%2Bds1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mt76-ah1b-s3gc" }, { "vulnerability": "VCID-vk37-s4p6-fufm" }, { "vulnerability": "VCID-wxsf-mu1t-aqa4" }, { "vulnerability": "VCID-x2zb-mehm-ebge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.1.5%252Bds1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938514?format=api", "purl": "pkg:deb/debian/runc@1.1.15%2Bds1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mt76-ah1b-s3gc" }, { "vulnerability": "VCID-vk37-s4p6-fufm" }, { "vulnerability": "VCID-wxsf-mu1t-aqa4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.1.15%252Bds1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938513?format=api", "purl": "pkg:deb/debian/runc@1.3.5%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.3.5%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/74623?format=api", "purl": "pkg:ebuild/app-containers/runc@1.1.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/runc@1.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/74585?format=api", "purl": "pkg:golang/github.com/opencontainers/runc@1.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/opencontainers/runc@1.0.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374716?format=api", "purl": "pkg:alpm/archlinux/runc@1.0.2-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yvf-q4uj-dbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/runc@1.0.2-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052230?format=api", "purl": "pkg:deb/debian/runc@0.1.1%2Bdfsg1-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-165g-hgmx-nybk" }, { "vulnerability": "VCID-3m4n-58pj-mkeb" }, { "vulnerability": "VCID-3yvf-q4uj-dbdh" }, { "vulnerability": "VCID-7juj-78y7-g7b6" }, { "vulnerability": "VCID-997v-f2ds-e3e4" }, { "vulnerability": "VCID-9mdg-3961-cybf" }, { "vulnerability": "VCID-jc1e-8tt4-xqdn" }, { "vulnerability": "VCID-seds-dzew-jyfs" }, { "vulnerability": "VCID-tsgr-5mwt-jkeh" }, { "vulnerability": "VCID-v2ys-xbn5-guh4" }, { "vulnerability": "VCID-zex4-9xyf-6yf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@0.1.1%252Bdfsg1-1~bpo8%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052231?format=api", "purl": "pkg:deb/debian/runc@0.1.1%2Bdfsg1-2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m4n-58pj-mkeb" }, { "vulnerability": "VCID-3yvf-q4uj-dbdh" }, { "vulnerability": "VCID-7juj-78y7-g7b6" }, { "vulnerability": "VCID-997v-f2ds-e3e4" }, { "vulnerability": "VCID-9mdg-3961-cybf" }, { "vulnerability": "VCID-jc1e-8tt4-xqdn" }, { "vulnerability": "VCID-seds-dzew-jyfs" }, { "vulnerability": "VCID-tsgr-5mwt-jkeh" }, { "vulnerability": "VCID-v2ys-xbn5-guh4" }, { "vulnerability": "VCID-zex4-9xyf-6yf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@0.1.1%252Bdfsg1-2%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052232?format=api", "purl": "pkg:deb/debian/runc@1.0.0~rc2%2Bgit20161109.131.5137186-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m4n-58pj-mkeb" }, { "vulnerability": "VCID-3yvf-q4uj-dbdh" }, { "vulnerability": "VCID-7juj-78y7-g7b6" }, { "vulnerability": "VCID-997v-f2ds-e3e4" }, { "vulnerability": "VCID-9mdg-3961-cybf" }, { "vulnerability": "VCID-jc1e-8tt4-xqdn" }, { "vulnerability": "VCID-seds-dzew-jyfs" }, { "vulnerability": "VCID-tsgr-5mwt-jkeh" }, { "vulnerability": "VCID-v2ys-xbn5-guh4" }, { "vulnerability": "VCID-zex4-9xyf-6yf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.0~rc2%252Bgit20161109.131.5137186-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052233?format=api", "purl": "pkg:deb/debian/runc@1.0.0~rc6%2Bdfsg1-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m4n-58pj-mkeb" }, { "vulnerability": "VCID-3yvf-q4uj-dbdh" }, { "vulnerability": "VCID-997v-f2ds-e3e4" }, { "vulnerability": "VCID-9mdg-3961-cybf" }, { "vulnerability": "VCID-jc1e-8tt4-xqdn" }, { "vulnerability": "VCID-seds-dzew-jyfs" }, { "vulnerability": "VCID-tsgr-5mwt-jkeh" }, { "vulnerability": "VCID-v2ys-xbn5-guh4" }, { "vulnerability": "VCID-zex4-9xyf-6yf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.0~rc6%252Bdfsg1-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052234?format=api", "purl": "pkg:deb/debian/runc@1.0.0~rc6%2Bdfsg1-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m4n-58pj-mkeb" }, { "vulnerability": "VCID-3yvf-q4uj-dbdh" }, { "vulnerability": "VCID-997v-f2ds-e3e4" }, { "vulnerability": "VCID-9mdg-3961-cybf" }, { "vulnerability": "VCID-jc1e-8tt4-xqdn" }, { "vulnerability": "VCID-seds-dzew-jyfs" }, { "vulnerability": "VCID-tsgr-5mwt-jkeh" }, { "vulnerability": "VCID-v2ys-xbn5-guh4" }, { "vulnerability": "VCID-zex4-9xyf-6yf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.0~rc6%252Bdfsg1-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052235?format=api", "purl": "pkg:deb/debian/runc@1.0.0~rc93%2Bds1-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m4n-58pj-mkeb" }, { "vulnerability": "VCID-3yvf-q4uj-dbdh" }, { "vulnerability": "VCID-jc1e-8tt4-xqdn" }, { "vulnerability": "VCID-seds-dzew-jyfs" }, { "vulnerability": "VCID-tsgr-5mwt-jkeh" }, { "vulnerability": "VCID-v2ys-xbn5-guh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.0~rc93%252Bds1-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052236?format=api", "purl": "pkg:deb/debian/runc@1.0.0~rc93%2Bds1-5%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yvf-q4uj-dbdh" }, { "vulnerability": "VCID-jc1e-8tt4-xqdn" }, { "vulnerability": "VCID-seds-dzew-jyfs" }, { "vulnerability": "VCID-tsgr-5mwt-jkeh" }, { "vulnerability": "VCID-v2ys-xbn5-guh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/runc@1.0.0~rc93%252Bds1-5%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/99767?format=api", "purl": "pkg:rpm/redhat/container-tools:latest/runc@4:1.1.9-1?arch=el9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yvf-q4uj-dbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/container-tools:latest/runc@4:1.1.9-1%3Farch=el9" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29736", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29657", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29636", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29708", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29695", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29632", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29775", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29842", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29958", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30027", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30175", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30093", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30255", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30078", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30128", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30171", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30168", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30073", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30072", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43784" }, { "reference_url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:32Z/" } ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43784" }, { "reference_url": "https://github.com/opencontainers/runc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc" }, { "reference_url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:32Z/" } ], "url": "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554" }, { "reference_url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:32Z/" } ], "url": "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae" }, { "reference_url": "https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77" }, { "reference_url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:32Z/" } ], "url": "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed" }, { "reference_url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:32Z/" } ], "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:32Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:32Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43784" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0274", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0274" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439", "reference_id": "2029439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029439" }, { "reference_url": "https://security.archlinux.org/AVG-2599", "reference_id": "AVG-2599", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2599" }, { "reference_url": "https://security.gentoo.org/glsa/202408-25", "reference_id": "GLSA-202408-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6380", "reference_id": "RHSA-2023:6380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6380" }, { "reference_url": "https://usn.ubuntu.com/6088-2/", "reference_id": "USN-6088-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6088-2/" } ], "weaknesses": [ { "cwe_id": 190, "name": "Integer Overflow or Wraparound", "description": "The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control." } ], "exploits": [], "severity_range_score": "0.1 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3yvf-q4uj-dbdh" }