CVE-2021-43784 fixed in 1.0.3 #1
Description
What happened?
A potential vulnerability was discovered in runc (related to an internal
usage of netlink), however upon further investigation we discovered that
while this bug was exploitable on the master branch of runc, no released
version of runc could be exploited using this bug. The exploit required
being able to create a netlink attribute with a length that would overflow a
uint16 but this was not possible in any released version of runc. For more
information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784.
What did you expect to happen?
lts for which version?
How can we reproduce it (as minimally and precisely as possible)?
NA
Anything else we need to know?
No response