{"id":"UBUNTU-CVE-2016-9962","details":"RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.","modified":"2026-02-10T22:55:39.488323Z","published":"2017-01-31T22:59:00Z","upstream":["CVE-2016-9962"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9962"},{"type":"REPORT","url":"https://github.com/docker/docker/compare/v1.12.5...v1.12.6"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2016-9962"}],"affected":[{"package":{"name":"docker.io","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/docker.io@1.13.1-0ubuntu1~16.04.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.1-0ubuntu1~16.04.2"}]}],"versions":["1.6.2~dfsg1-1ubuntu4","1.10.2-0ubuntu3","1.10.2-0ubuntu4","1.10.3-0ubuntu1","1.10.3-0ubuntu4","1.10.3-0ubuntu5","1.10.3-0ubuntu6","1.11.2-0ubuntu5~16.04","1.12.1-0ubuntu13~16.04.1","1.12.3-0ubuntu4~16.04.2","1.12.6-0ubuntu1~16.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.13.1-0ubuntu1~16.04.2","binary_name":"docker.io"},{"binary_version":"1.13.1-0ubuntu1~16.04.2","binary_name":"golang-docker-dev"},{"binary_version":"1.13.1-0ubuntu1~16.04.2","binary_name":"golang-github-docker-docker-dev"},{"binary_version":"1.13.1-0ubuntu1~16.04.2","binary_name":"vim-syntax-docker"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-9962.json"}},{"package":{"name":"runc","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/runc@1.0.0~rc2+docker1.13.1-0ubuntu1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0~rc2+docker1.13.1-0ubuntu1"}]}],"ecosystem_specific":{"binaries":[{"binary_version":"1.0.0~rc2+docker1.13.1-0ubuntu1","binary_name":"golang-github-opencontainers-runc-dev"},{"binary_version":"1.0.0~rc2+docker1.13.1-0ubuntu1","binary_name":"runc"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-9962.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}