CNNVD-202511-473 Information

CNNVD ID

CNNVD-202511-473

Related CVE

CVE-2025-62161

• CNNVD Published: 2025-11-06

Description (Chinese)

youki是youki开源的一个 Rust 中 OCI 运行时规范的实现。 youki 0.5.6及之前版本存在安全漏洞，该漏洞源于对源/dev/null的初始验证不足，可能导致容器逃逸。

Description (English)

Youki is the realization of OCI when running in a Rust from the rouki open source. Youki 0.5.6 and previous versions contain a security loophole, which results from insufficient initial verification of source/dev/null, which may lead to the escape of containers.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

youki

Published

2025-11-06

Last Modified

2026-02-24

References

https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8 https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a https://access.redhat.com/security/cve/cve-2025-62161

Patch

https://github.com/youki-dev/youki/releases