Inappropriate Encoding for Output Context

CVE-2018-9862

High

7.8/10

Summary

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-838 - Inappropriate Encoding for Output Context

The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.

References

Advisory Timeline

Published Apr 09, 2018

Inappropriate Encoding for Output Context

CVE-2018-9862

Summary

CWE-838 - Inappropriate Encoding for Output Context

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS