rpm package
opensuse/crun&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/crun&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-30892 | — | < 1.27-1.1 | 1.27-1.1 | Mar 25, 2026 | crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with hig | ||
| CVE-2025-24965 | Hig | — | < 1.20-1.1 | 1.20-1.1 | Feb 19, 2025 | crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the abilit | |
| CVE-2024-21626 | — | < 1.14.4-1.1 | 1.14.4-1.1 | Jan 31, 2024 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h | ||
| CVE-2022-27650 | — | < 1.4.4-1.1 | 1.4.4-1.1 | Apr 4, 2022 | A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker w |
- CVE-2026-30892Mar 25, 2026affected < 1.27-1.1fixed 1.27-1.1
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with hig
- affected < 1.20-1.1fixed 1.20-1.1
crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the abilit
- CVE-2024-21626Jan 31, 2024affected < 1.14.4-1.1fixed 1.14.4-1.1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h
- CVE-2022-27650Apr 4, 2022affected < 1.4.4-1.1fixed 1.4.4-1.1
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker w