Vulnerability Report: GO-2025-3543
withdrawn- CVE-2025-27612
- Affects: github.com/opencontainers/runc
- Published: Mar 25, 2025
- Modified: Mar 26, 2025
- Withdrawn: Mar 26, 2025
(This report has been withdrawn with reason: "Does not affect Go code."). https://nvd.nist.gov/vuln/detail/CVE-2025-27612 lists https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 which caused automation to flag as Go; the affected repo is https://github.com/youki-dev/youki (Rust).
For detailed information about this vulnerability, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27612.
Affected Modules
-
PathGo VersionsCustom Versions*
-
all versions, no known fixedbefore 0.5.3
*Custom versions, which can't be mapped automatically to standard Go module versions, are ignored by govulncheck. (See this note on versions for more details.)
Aliases
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-27612
- https://github.com/youki-dev/youki/commit/747e342d2026fbf3a395db3e2a491ebef00082f1
- https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
- https://github.com/youki-dev/youki/blob/9e63fa4da1672a78ca45100f3059a732784a5174/crates/libcontainer/src/container/tenant_builder.rs#L408
- https://github.com/youki-dev/youki/security/advisories/GHSA-5w4j-f78p-4wh9
- https://vuln.go.dev/ID/GO-2025-3543.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.