CNNVD-202511-472 Information
CNNVD ID
CNNVD-202511-472
Related CVE
-
CNNVD Published: 2025-11-06
Description
youki is an open-source implementation of the OCI runtime specification in Rust. youki 0.5.6 and earlier versions contain a security vulnerability that stems from insufficient validation of the write target by the AppArmor handler. Combined with path substitution during pathname resolution, this may lead to writes to unintended procfs locations.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
youki
Published
2025-11-06
Last Modified
2026-02-24
References
https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a
https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf
https://youtu.be/tGseJW_uBB8
https://youtu.be/y1PaBzxwRWQ
https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs
https://access.redhat.com/security/cve/cve-2025-62596
Patch
https://github.com/youki-dev/youki/releases