LOW🇵🇱 Wersja polska

CVE-2025-5467

CVSS 1.9v4.0pub. 2025-12-10upd. 2025-12-17

It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Canonical Apport

    APP
    Canonical
    2.20.1-0ubuntu1 – 2.20.1-0ubuntu2.30 (bez)2.20.9-0ubuntu7 – 2.20.9-0ubuntu7.29 (bez)2.20.11-0ubuntu27 – 2.20.11-0ubuntu27.28 (bez)2.20.11-0ubuntu82 – 2.20.11-0ubuntu82.7 (bez)2.28.1-0ubuntu1 – 2.28.1-0ubuntu3.6 (bez)2.32.0-0ubuntu1 – 2.32.0-0ubuntu5.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-28653HIGH7.5ten sam produkt

Users can consume unlimited disk space in /var/crash

CVE-2022-1242HIGH7.8ten sam produkt

Apport can be tricked into connecting to arbitrary sockets as the root user

CVE-2021-3899HIGH7.8ten sam produkt

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, a...

CVE-2023-1326HIGH7.7ten sam produkt

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. I...

CVE-2021-25683HIGH8.8ten sam produkt

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat f...