Medium severity6.4NVD Advisory· Published Jan 31, 2017· Updated Jun 17, 2026
CVE-2016-9962
CVE-2016-9962
Description
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/opencontainers/runcGo | < 1.0.0-rc3 | 1.0.0-rc3 |
Affected products
40- osv-coords39 versionspkg:apk/chainguard/runcpkg:apk/chainguard/runc-docpkg:apk/wolfi/runcpkg:apk/wolfi/runc-docpkg:golang/github.com/opencontainers/runcpkg:rpm/opensuse/containerd&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/docker&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/docker-stable&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/docker-stable&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/runc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/containerd&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/containerd&distro=SUSE%20OpenStack%20Cloud%206-LTSSpkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/docker&distro=SUSE%20OpenStack%20Cloud%206-LTSSpkg:rpm/suse/docker-runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker-runc&distro=SUSE%20OpenStack%20Cloud%206-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP6pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP7pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20OpenStack%20Cloud%206-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/runc&distro=SUSE%20OpenStack%20Cloud%206
< 0+ 38 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.0.0-rc3
- (no CPE)range: < 1.4.8-2.2
- (no CPE)range: < 20.10.6_ce-2.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-15.1
- (no CPE)range: < 0.0.20250807T150727-1.1
- (no CPE)range: < 1.0.2-1.2
- (no CPE)range: < 0.2.5+gitr569_2a5e70c-15.3
- (no CPE)range: < 0.2.5+gitr569_2a5e70c-15.3
- (no CPE)range: < 1.2.2-16.14.2
- (no CPE)range: < 1.12.6-87.2
- (no CPE)range: < 1.12.6-87.2
- (no CPE)range: < 18.09.1_ce-98.34.2
- (no CPE)range: < 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2
- (no CPE)range: < 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-1.20.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-1.20.1
- (no CPE)range: < 0.7.0.1+gitr2711_2cfbf9b1f981-16.2
- (no CPE)range: < 0.7.0.1+gitr2711_2cfbf9b1f981-16.2
- (no CPE)range: < 0.1.1+gitr2819_50a19c6-15.2
- (no CPE)range: < 0.1.1+gitr2819_50a19c6-15.2
Patches
Vulnerability mechanics
References
24- github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5nvdPatchThird Party AdvisoryWEB
- seclists.org/fulldisclosure/2017/Jan/21nvdMailing ListThird Party AdvisoryWEB
- seclists.org/fulldisclosure/2017/Jan/29nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/95361nvdThird Party AdvisoryVDB EntryWEB
- access.redhat.com/security/vulnerabilities/cve-2016-9962nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-gp4j-w3vj-7299ghsaADVISORY
- github.com/docker/docker/releases/tag/v1.12.6nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2016-9962ghsaADVISORY
- security.gentoo.org/glsa/201701-34nvdThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2017-0116.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2017-0123.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2017-0127.htmlnvdWEB
- www.securityfocus.com/archive/1/540001/100/0/threadednvdWEB
- bugzilla.suse.com/show_bug.cginvdIssue TrackingWEB
- github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXRghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VPghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRKghsaWEB
- web.nvd.nist.gov/view/vuln/detailghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/nvd
News mentions
0No linked articles in our index yet.