Leaky Vessels flaws allow hackers to escape Docker, runc containers (Security News, February 2024)
Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.
Containers are applications packaged into a file that contains all the runtime dependencies, executables, and code required to run an application.
These containers are executed by platforms like Docker and Kubernetes that run the application in a virtualized environment isolated from the operating system.
Container escape occurs when an attacker or a malicious application breaks out of the isolated container environment and gains unauthorized access to the host system or other containers.
The Snyk team has found four vulnerabilities collectively called "Leaky Vessels" that impact the runc and BuildKit container infrastructure and build tools, potentially allowing attackers to perform container escape on various software products.
Because runc and BuildKit are used by a wide range of popular container management software, such as Docker and Kubernetes, the exposure to attacks becomes far more significant.