CVE-2016-9962

ADVISORY - github

Summary

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

EPSS Score⁠: 0.00203 (0.426)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-362⁠

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADVISORY - github

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-362⁠

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.