VYPR
High severity7.8NVD Advisory· Published Jun 1, 2016· Updated Jun 17, 2026

CVE-2016-3697

CVE-2016-3697

Description

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/opencontainers/runcGo
< 0.1.00.1.0

Affected products

29

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.