What is CVE-2019-5736?

CVE-2019-5736 is a vulnerability in N/a. Published 2019-02-11.

Is CVE-2019-5736 known to be exploited?

233 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of t…

EPSS: 0.592 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
RHSA-2019:0408 (vendor-advisory)
github.com/rancher/runc-cve
RHSA-2019:0401 (vendor-advisory)
github.com/docker/docker-ce/releases/tag/v18.09.2
www.synology.com/security/advisory/Synology_SA_19_06
security.netapp.com/advisory/ntap-20190307-0008/
RHSA-2019:0303 (vendor-advisory)
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215… (vendor-advisory)
github.com/q3k/cve-2019-5736-poc

Frequently asked questions

What is CVE-2019-5736?: CVE-2019-5736 is a vulnerability in N/a. Published 2019-02-11.
Is CVE-2019-5736 known to be exploited?: 233 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.