Security News > 2024 > January > RunC Flaws Enable Container Escapes, Granting Attackers Host Access
2024-01-31 20:00
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk. "These container
News URL
https://thehackernews.com/2024/02/runc-flaws-enable-container-escapes.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-23653 | Unspecified vulnerability in Mobyproject Buildkit BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. | 9.8 |
| 2024-01-31 | CVE-2024-23652 | Unspecified vulnerability in Mobyproject Buildkit BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. | 9.1 |
| 2024-01-31 | CVE-2024-23651 | Unspecified vulnerability in Mobyproject Buildkit BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. | 7.4 |
| 2024-01-31 | CVE-2024-21626 | Exposure of Resource to Wrong Sphere vulnerability in multiple products runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. | 8.6 |