Vulnerabilities > CVE-2018-16359 - Unspecified vulnerability in Google Gvisor 20180822

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

google

NVD

Published: 2018-09-02

Updated: 2024-11-21

Summary

Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Gvisor - Google Gvisor 2018-08-22	2

References

https://bugs.chromium.org/p/project-zero/issues/detail?id=1632
https://bugs.chromium.org/p/project-zero/issues/detail?id=1632
https://github.com/google/gvisor/commit/001a4c2493b13a43d62c7511fb509a959ae4abc2
https://github.com/google/gvisor/commit/001a4c2493b13a43d62c7511fb509a959ae4abc2