CVE-2019-10063

CWE-20Improper Input ValidationCWE-266CWE-358CWE-25012 documents7 sources
Severity
9.0CRITICAL
EPSS
0.1%
top 72.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Flatpak Flatpak
Timeline
PublishedMar 26
Latest updateMay 14

Description

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request num

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages2 packages

NVDflatpak/flatpak1.2.01.2.4+3
Debianflatpak< 1.2.3-2+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-mc9j-733x-89cx: Flatpak before 12022-05-14
CVEList
CVE-2019-10063: Flatpak before 12019-03-26
OSV
CVE-2019-10063: Flatpak before 12019-03-26

📋Vendor Advisories

4
Red Hat
nautilus: sandbox security bypass2019-04-13
Red Hat
gnome-desktop: thumbnailer security bypass2019-04-13
Red Hat
flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226)2019-03-22
Debian
CVE-2019-10063: flatpak - Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allow...2019

💬Community

4
Bugzilla
CVE-2019-11460 gnome-desktop: thumbnailer security bypass2019-06-03
Bugzilla
CVE-2019-11461 nautilus: sandbox security bypass2019-05-17
Bugzilla
CVE-2019-10063 flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226) [fedora-all]2019-04-04
Bugzilla
CVE-2019-10063 flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226)2019-04-04
CVE-2019-10063 (CRITICAL CVSS 9) | Flatpak before 1.0.8 | cvebase.io