Hyper: Security Vulnerabilities
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-04-19
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-04-09
Page 2