cve-2019-5736

Tencent Cloud Developer

Feb 14, 2019 · Information Security

Critical runc Container Escape Vulnerability Advisory (CVE-2019-5736)

A critical CVE‑2019‑5736 vulnerability in the runc container runtime lets a malicious container overwrite the host’s runc binary, granting attackers root‑level code execution that can compromise other containers, the host system, and the network, with a CVSS 3.0 score of 7.2, affecting runc, Apache Mesos and LXC, and requiring prompt updates.