CVE-2017-18367 – libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions

https://notcve.org/view.php?id=CVE-2017-18367

24 Apr 2019 — libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. libseccomp-golang versión 0.9.0 y anteriores, BPF generan incorrectamente múltiples argumentos OR en lugar de ANDing. Un proceso que se realiza bajo un filtro seccomp restrictivo que especificó múltiples argumentos de ... • http://www.openwall.com/lists/oss-security/2019/04/25/6 • CWE-20: Improper Input Validation CWE-305: Authentication Bypass by Primary Weakness •