CVE-2021-25684

CWE-20Improper Input Validation8 documents5 sources
Severity
7.8HIGH
EPSS
0.0%
top 86.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Canonical Apport
Timeline
PublishedJun 11
Latest updateMay 24

Description

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

CVEListV5canonical/apport2.20.12.20.1-0ubuntu2.30+3
NVDcanonical/apport2.20.1-0ubuntu12.20.1-0ubuntu2.30+3
Ubuntuapport< 2.20.1-0ubuntu2.30+3

🔴Vulnerability Details

5
GHSA
GHSA-5wpx-42qp-2c7p: It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO2022-05-24
CVEList
apport can be stalled by reading a FIFO2021-06-11
OSV
apport vulnerabilities2021-02-03
OSV
CVE-2021-25684: It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO2021-02-02
OSV
apport vulnerabilities2021-02-02

📋Vendor Advisories

2
Ubuntu
Apport vulnerabilities2021-02-03
Ubuntu
Apport vulnerabilities2021-02-02
CVE-2021-25684 (HIGH CVSS 7.8) | It was discovered that apport in da | cvebase.io