{"id":"UBUNTU-CVE-2017-18367","details":"libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.","modified":"2026-01-30T00:51:17.009079Z","published":"2019-04-24T21:29:00Z","related":["USN-4574-1"],"upstream":["CVE-2017-18367"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-18367"},{"type":"REPORT","url":"https://github.com/seccomp/libseccomp-golang/issues/22"},{"type":"REPORT","url":"https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4574-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-18367"}],"affected":[{"package":{"name":"golang-github-seccomp-libseccomp-golang","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/golang-github-seccomp-libseccomp-golang@0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1"}]}],"versions":["0.0~git20150813.0.1b506fc-1"],"ecosystem_specific":{"binaries":[{"binary_name":"golang-github-seccomp-libseccomp-golang-dev","binary_version":"0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-18367.json"}},{"package":{"name":"golang-github-seccomp-libseccomp-golang","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/golang-github-seccomp-libseccomp-golang@0.9.0-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.9.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"golang-github-seccomp-libseccomp-golang-dev","binary_version":"0.9.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-18367.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}