CVE-2018-16359

medium

Description

Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS.

References

https://github.com/google/gvisor/commit/001a4c2493b13a43d62c7511fb509a959ae4abc2

https://bugs.chromium.org/p/project-zero/issues/detail?id=1632

Details

Source: Mitre, NVD

Published: 2018-09-02

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:N

Severity: High

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00117