8.6 / 10

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Weakness: DEPRECATED: Containment Errors (Container Errors)

This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the "container" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.

Published: 2019-02-11

Vulnerable Products

Community Advisory

Improve Advisory

CVE-2019-5736 Exploits (24)

Show all exploits (+14):

Bug Bounty

The Internet: CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host

submitted by adam_iwaniuk about 2 years ago
publicly disclosed over 1 year ago

50m-ctf: CTF write-up: c8889970d9fb722066f31e804e351993

submitted by ret2jazzy almost 2 years ago
publicly disclosed almost 2 years ago

50m-ctf: $50 million CTF Writeup

submitted by manoelt almost 2 years ago
publicly disclosed almost 2 years ago

Official CVE References

View references (61)