{"id":"CVE-2015-3629","details":"Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization (\"mount namespace breakout\") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.","aliases":["GHSA-g44j-7vp3-68cv","GO-2022-0647"],"modified":"2026-04-10T03:45:16.853463Z","published":"2015-05-18T15:59:15Z","related":["SUSE-SU-2015:0984-1","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","openSUSE-SU-2024:10532-1","openSUSE-SU-2025:15589-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2015/May/28"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/74558"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2015/May/28"},{"type":"REPORT","url":"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"},{"type":"WEB","url":"http://www.securityfocus.com/bid/74558"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}