{"id":"CVE-2021-30465","details":"runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.","aliases":["GHSA-c3xm-pvg7-gh7r","GO-2022-0914"],"modified":"2026-04-16T04:35:15.790110360Z","published":"2021-05-27T13:15:08.077Z","related":["ALSA-2021:2291","ALSA-2021:2370","ALSA-2021:2371","CGA-qqf4-pjrx-g369","GHSA-c3xm-pvg7-gh7r","SUSE-SU-2021:1885-1","SUSE-SU-2021:1954-1","SUSE-SU-2021:3336-1","SUSE-SU-2021:3506-1","openSUSE-SU-2021:0878-1","openSUSE-SU-2021:1404-1","openSUSE-SU-2021:1954-1","openSUSE-SU-2021:3506-1","openSUSE-SU-2024:11358-1","openSUSE-SU-2025:15424-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/05/19/2"},{"type":"ADVISORY","url":"https://github.com/opencontainers/runc/releases"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-26"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210708-0003/"},{"type":"REPORT","url":"https://bugzilla.opensuse.org/show_bug.cgi?id=1185405"},{"type":"FIX","url":"https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f"},{"type":"FIX","url":"https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opencontainers/runc","events":[{"introduced":"0"},{"last_affected":"baf6536d6259209c3edfa2b22237af82942d3dfa"},{"introduced":"0"},{"last_affected":"04f275d4601ca7e5ff9460cec7f65e8dd15443ec"},{"introduced":"0"},{"last_affected":"dc9208a3303feef5b3839f4323d9beb36df0a9dd"},{"introduced":"0"},{"last_affected":"c91b5bea4830a57eac7882d7455d59518cdf70ec"},{"introduced":"0"},{"last_affected":"75f8da7c889acc4509a0cf6f0d3a8f9584778375"},{"introduced":"0"},{"last_affected":"2e7cfe036e2c6dc51ccca6eb7fa3ee6b63976dcd"},{"introduced":"0"},{"last_affected":"4fc53a81fb7c994640722ac585fa9ca548971871"},{"introduced":"0"},{"last_affected":"ccb5efd37fb7c86364786e9137e22948751de7ed"},{"introduced":"0"},{"last_affected":"69ae5da6afdcaaf38285a10b36f362e41cb298d6"},{"introduced":"0"},{"last_affected":"425e105d5a03fabd737a126ad93d62a9eeede87f"},{"introduced":"0"},{"last_affected":"d736ef14f0288d6993a1845745d6756cfc9ddd5a"},{"introduced":"0"},{"last_affected":"dc9208a3303feef5b3839f4323d9beb36df0a9dd"},{"introduced":"0"},{"last_affected":"24a3cf88a7ae5f4995f6750654c0e2ca61ef4bb2"},{"introduced":"0"},{"last_affected":"ff819c7e9184c13b7c2607fe6c30ae19403a7aff"},{"introduced":"0"},{"last_affected":"12644e614e25b05da6fd08a38ffa0cfe1903fdec"},{"introduced":"0"},{"last_affected":"2c7861bc5e1b3e756392236553ec14a78a09f8bf"},{"fixed":"0ca91f44f1664da834bc61115a849b56d22f595f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.1.1"},{"introduced":"0"},{"last_affected":"1.0.0-rc1"},{"introduced":"0"},{"last_affected":"1.0.0-rc10"},{"introduced":"0"},{"last_affected":"1.0.0-rc2"},{"introduced":"0"},{"last_affected":"1.0.0-rc3"},{"introduced":"0"},{"last_affected":"1.0.0-rc4"},{"introduced":"0"},{"last_affected":"1.0.0-rc5"},{"introduced":"0"},{"last_affected":"1.0.0-rc6"},{"introduced":"0"},{"last_affected":"1.0.0-rc7"},{"introduced":"0"},{"last_affected":"1.0.0-rc8"},{"introduced":"0"},{"last_affected":"1.0.0-rc9"},{"introduced":"0"},{"last_affected":"1.0.0-rc90"},{"introduced":"0"},{"last_affected":"1.0.0-rc91"},{"introduced":"0"},{"last_affected":"1.0.0-rc92"},{"introduced":"0"},{"last_affected":"1.0.0-rc93"},{"introduced":"0"},{"last_affected":"1.0.0-rc94"}]}}],"versions":["v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.0.8","v0.1.0","v0.1.1","v1.0.0-rc1","v1.0.0-rc10","v1.0.0-rc2","v1.0.0-rc3","v1.0.0-rc4","v1.0.0-rc5","v1.0.0-rc6","v1.0.0-rc7","v1.0.0-rc8","v1.0.0-rc9","v1.0.0-rc90","v1.0.0-rc91","v1.0.0-rc92","v1.0.0-rc93","v1.0.0-rc94"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30465.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}