HIGH🇵🇱 Wersja polska

CVE-2021-25683

CVSS 8.8v3.1pub. 2021-06-11upd. 2024-11-21

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Canonical Apport

    APP
    Canonical
    2.20.1-0ubuntu1 – 2.20.1-0ubuntu2.30 (bez)2.20.9-0ubuntu1 – 2.20.9-0ubuntu7.23 (bez)2.20.11-0ubuntu27 – 2.20.11-0ubuntu27.16 (bez)2.20.11-0ubuntu50 – 2.20.11-0ubuntu50.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-28653HIGH7.5ten sam produkt

Users can consume unlimited disk space in /var/crash

CVE-2022-1242HIGH7.8ten sam produkt

Apport can be tricked into connecting to arbitrary sockets as the root user

CVE-2021-3899HIGH7.8ten sam produkt

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, a...

CVE-2023-1326HIGH7.7ten sam produkt

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. I...

CVE-2021-25684HIGH8.8ten sam produkt

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a...