{"id":"CVE-2016-9962","details":"RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.","aliases":["GHSA-gp4j-w3vj-7299","GO-2022-0835"],"modified":"2026-05-30T08:42:13.765027Z","published":"2017-01-31T22:59:01.783Z","related":["CGA-4ch3-c2gf-f2pm","SUSE-SU-2017:1964-1","SUSE-SU-2019:0573-1","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","openSUSE-SU-2024:10693-1","openSUSE-SU-2024:10722-1","openSUSE-SU-2024:11358-1","openSUSE-SU-2025:15424-1","openSUSE-SU-2025:15589-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","vendor_product":"docker:docker","extracted_events":[{"introduced":"1.11.0"},{"fixed":"1.12.6"},{"introduced":"1.11.0"},{"fixed":"1.12.6"},{"introduced":"1.11.0"},{"fixed":"1.12.6"}],"cpes":["cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"http://www.securityfocus.com/archive/1/540001/100/0/threaded"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0116.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0123.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0127.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2017/Jan/21"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2017/Jan/29"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95361"},{"type":"ADVISORY","url":"https://access.redhat.com/security/vulnerabilities/cve-2016-9962"},{"type":"ADVISORY","url":"https://github.com/docker/docker/releases/tag/v1.12.6"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-34"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"},{"type":"FIX","url":"https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moby/moby","events":[{"introduced":"0"},{"fixed":"78d18021ecba00c00730dec9d56de6896f9e708d"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v1.12.5","v1.12.5-rc1","v1.12.4","v1.12.4-rc1","v1.12.3","v1.12.3-rc1","v1.12.2","v1.12.2-rc3","v1.12.2-rc2","v1.12.2-rc1","v1.12.1","v1.12.1-rc2","v1.12.1-rc1","v1.12.0","v1.12.0-rc5","v1.12.0-rc4","v1.12.0-rc2","v1.12.0-rc1","v0.7.2","v0.7.1","v0.7.0","v0.6.5","v0.5.0","v0.4.7","v0.4.5","v0.4.4","v0.4.2","v0.4.1","v0.3.2","v0.3.1","v0.3.0","v0.2.2","v0.2.1","v0.2.0","v0.1.8","v0.1.7","v0.1.6","v0.1.5","v0.1.4","v0.1.3","v0.1.2","v0.1.1","v0.1.0","upstream/0.1.3","0.0.3","upstream/0.1.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9962.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/opencontainers/runc","events":[{"introduced":"0"},{"fixed":"50a19c6ff828c58e5dab13830bd3dacde268afe5"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9962.json","vanir_signatures_modified":"2026-05-30T08:42:13Z","vanir_signatures":[{"source":"https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5","target":{"file":"libcontainer/nsenter/nsexec.c"},"signature_type":"Line","id":"CVE-2016-9962-9357a1f5","deprecated":false,"digest":{"line_hashes":["251821556443359960608428361047721063429","141713138088543029735854453596287841678","326703517834071923454907693393914892954"],"threshold":0.9},"signature_version":"v1"},{"source":"https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5","target":{"file":"libcontainer/nsenter/nsexec.c","function":"nsexec"},"signature_type":"Function","id":"CVE-2016-9962-f00d1ad2","deprecated":false,"digest":{"length":1328,"function_hash":"25902919256002851746070539443732366512"},"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}