It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HCanonical Apport
APPCanonical2.20.1-0ubuntu1 – 2.20.1-0ubuntu2.30 (bez)2.20.9-0ubuntu1 – 2.20.9-0ubuntu7.23 (bez)2.20.11-0ubuntu27 – 2.20.11-0ubuntu27.16 (bez)2.20.11-0ubuntu50 – 2.20.11-0ubuntu50.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2022-28653HIGH7.5ten sam produkt
Users can consume unlimited disk space in /var/crash
CVE-2022-1242HIGH7.8ten sam produkt
Apport can be tricked into connecting to arbitrary sockets as the root user
CVE-2021-3899HIGH7.8ten sam produkt
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, a...
CVE-2023-1326HIGH7.7ten sam produkt
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. I...
CVE-2021-25683HIGH8.8ten sam produkt
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat f...