CVE-2019-5736

CVSS v3 Score: 8.6 (High)
CVSS v2 Score: 9.3 (Critical)

Vulnerability Description

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

CVSS: 8.6 (High)

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_...

CWE-78, 2019

CVSS: 8.6 (High)

This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process...

CWE-78, 2020

CVSS: 8.6 (High)

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary comman...

CWE-78, 2021

CVSS: 8.6 (High)

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.

CWE-78, 2023

CVSS: 8.6 (High)

A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shel...

CWE-78, 2024

CVSS: 8.5 (High)

Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%P...

CWE-78, 2020