{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-10-14T21:06:11.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/seccomp/libseccomp-golang/issues/22"},{"tags":["x_refsource_MISC"],"url":"https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"},{"name":"[oss-security] 20190425 Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2019/04/25/6"},{"name":"RHSA-2019:4087","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4087"},{"name":"RHSA-2019:4090","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4090"},{"name":"[debian-lts-announce] 20200811 [SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00016.html"},{"name":"USN-4574-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/4574-1/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-18367","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://github.com/seccomp/libseccomp-golang/issues/22","refsource":"MISC","url":"https://github.com/seccomp/libseccomp-golang/issues/22"},{"name":"https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e","refsource":"MISC","url":"https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"},{"name":"[oss-security] 20190425 Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2019/04/25/6"},{"name":"RHSA-2019:4087","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4087"},{"name":"RHSA-2019:4090","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4090"},{"name":"[debian-lts-announce] 20200811 [SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00016.html"},{"name":"USN-4574-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/4574-1/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T21:20:50.557Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/seccomp/libseccomp-golang/issues/22"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"},{"name":"[oss-security] 20190425 Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2019/04/25/6"},{"name":"RHSA-2019:4087","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4087"},{"name":"RHSA-2019:4090","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4090"},{"name":"[debian-lts-announce] 20200811 [SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00016.html"},{"name":"USN-4574-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/4574-1/"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-18367","datePublished":"2019-04-24T20:02:19.000Z","dateReserved":"2019-04-24T00:00:00.000Z","dateUpdated":"2024-08-05T21:20:50.557Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}