cbcvebase.
CVE-2022-29800
published 2022-09-21

CVE-2022-29800: A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between…

PriorityP429medium4.7CVSS 3.1
AVLACHPRLUINSUCNIHAN
EPSS
6.41%
92.8th percentile
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

Affected

1 ranges
VendorProductVersion rangeFixed in
debiannetworkd-dispatcher< networkd-dispatcher 2.2.3-1 (bookworm)networkd-dispatcher 2.2.3-1 (bookworm)

CVSS provenance

nvdv3.14.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
osv5.5MEDIUM
vendor_ubuntu5.5MEDIUM
vendor_debian4.7LOW
vendor_redhat4.7MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.