9.3

CVE-2019-5736

Medienbericht
Exploit
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DockerDocker Version < 18.09.2
LinuxfoundationRunc Version <= 0.1.1
LinuxfoundationRunc Version1.0.0 Updaterc1
LinuxfoundationRunc Version1.0.0 Updaterc2
LinuxfoundationRunc Version1.0.0 Updaterc3
LinuxfoundationRunc Version1.0.0 Updaterc4
LinuxfoundationRunc Version1.0.0 Updaterc5
LinuxfoundationRunc Version1.0.0 Updaterc6
RedhatOpenshift Version3.4
RedhatOpenshift Version3.5
RedhatOpenshift Version3.6
RedhatOpenshift Version3.7
RedhatEnterprise Linux Version8.0
GoogleKubernetes Engine Version-
LinuxcontainersLxc Version < 3.2.0
HpOnesphere Version-
NetappSolidfire Version-
ApacheMesos Version >= 1.4.0 < 1.4.3
ApacheMesos Version >= 1.5.0 < 1.5.3
ApacheMesos Version >= 1.6.0 < 1.6.2
ApacheMesos Version >= 1.7.0 < 1.7.2
OpensuseBackports Sle Version15.0 Update-
OpensuseBackports Sle Version15.0 Updatesp1
OpensuseLeap Version15.0
OpensuseLeap Version15.1
OpensuseLeap Version42.3
D2iqKubernetes Engine Version < 2.2.0-1.13.3
D2iqDc/os Version < 1.10.10
D2iqDc/os Version >= 1.10.11 < 1.11.9
D2iqDc/os Version >= 1.11.10 < 1.12.1
FedoraprojectFedora Version29
FedoraprojectFedora Version30
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 98.57% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 1.8 6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:52
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/06/28/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2019/10/24/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2019/10/29/3
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2019/07/06/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2019/07/06/4
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2019/03/23/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2024/01/31/6
http://www.openwall.com/lists/oss-security/2024/02/01/1
http://www.openwall.com/lists/oss-security/2024/02/02/3
http://www.securityfocus.com/bid/106976
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0303
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0304
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0401
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0408
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0975
Third Party Advisory
https://access.redhat.com/security/cve/cve-2019-5736
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/runcescape
Third Party Advisory
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
Third Party Advisory
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
Patch
Third Party Advisory
Vendor Advisory
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
Patch
Third Party Advisory
Vendor Advisory
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
Third Party Advisory
Exploit
Mitigation
https://brauner.github.io/2019/02/12/privileged-containers.html
Third Party Advisory
Exploit
Technical Description
https://bugzilla.suse.com/show_bug.cgi?id=1121967
Patch
Third Party Advisory
Issue Tracking
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
Third Party Advisory
https://github.com/Frichetten/CVE-2019-5736-PoC
Third Party Advisory
Exploit
https://github.com/docker/docker-ce/releases/tag/v18.09.2
Third Party Advisory
Release Notes
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
Patch
Third Party Advisory
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
Patch
Third Party Advisory
https://github.com/q3k/cve-2019-5736-poc
Third Party Advisory
Exploit
https://github.com/rancher/runc-cve
Third Party Advisory
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
Third Party Advisory
https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E
https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E
https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E
https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E
https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
https://security.gentoo.org/glsa/202003-21
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190307-0008/
Third Party Advisory
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
Permissions Required
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
Patch
Third Party Advisory
Exploit
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
Third Party Advisory
https://usn.ubuntu.com/4048-1/
Third Party Advisory
https://www.exploit-db.com/exploits/46359/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/46369/
Third Party Advisory
Exploit
VDB Entry
https://www.openwall.com/lists/oss-security/2019/02/11/2
Patch
Third Party Advisory
Mailing List
https://www.synology.com/security/advisory/Synology_SA_19_06
Third Party Advisory
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
Third Party Advisory