MidnightBSD

Advisories for crun_project

CVE-2019-18837 MEDIUM

An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
crun_project crun *
fedoraproject fedora 31
fedoraproject fedora 30
CVE-2022-27650 MEDIUM

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
crun_project crun *
fedoraproject fedora 34
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.0
CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 0.0 NONE CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N 2.5 0.0

Products Affected

Vendor Product Version
crun_project crun *