VYPR

Crun

by Containers

Source repositories

CVEs (4)

  • CVE-2019-18837HigNov 13, 2019
    risk 0.49cvss 8.6epss 0.01

    An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.

  • CVE-2025-24965HigFeb 19, 2025
    risk 0.48cvss epss 0.01

    crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the…

  • CVE-2026-30892Mar 25, 2026
    risk 0.00cvss epss 0.00

    crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with…

  • CVE-2022-27650HigApr 4, 2022
    risk 0.00cvss 7.5epss 0.01

    A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker…