CPE Details
Apport Project Apport 2.20.9
2.20.9
2019-09-04
13h06 +00:00
13h06 +00:00
2021-04-26
10h46 +00:00
10h46 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:apport_project:apport:2.20.9:*:*:*:*:*:*:*
Informations
Vendor
apport_projectProduct
apportVersion
2.20.9Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | 5.5 |
Moyen |
||
| Apport does not disable python crash handler before entering chroot | 7.8 |
Haute |
||
| is_closing_session() allows users to consume RAM in the Apport process | 5.5 |
Moyen |
||
| is_closing_session() allows users to create arbitrary tcp dbus connections | 7.1 |
Haute |
||
| is_closing_session() allows users to fill up apport.log | 5.5 |
Moyen |
||
| ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | 5.5 |
Moyen |
||
| Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system. | 7 |
Haute |
||
| Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/ |
7.8 |
Haute |
2025©
tesweb SA
