Description
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages4 packages
🔴Vulnerability Details
5OSVneedrestart regression↗2024-12-05 OSVneedrestart regression↗2024-11-26 OSVCVE-2024-11003: Qualys discovered that needrestart, before version 3↗2024-11-19 OSVSeveral security issues were fixed in needrestart and Module::ScanDeps↗2024-11-19 GHSAGHSA-9f4h-r2c7-m6w4: Qualys discovered that needrestart, before version 3↗2024-11-19 📋Vendor Advisories
4Ubuntuneedrestart regression↗2024-12-05 Ubuntuneedrestart regression↗2024-11-26 Ubuntuneedrestart and Module::ScanDeps vulnerabilities↗2024-11-19 DebianCVE-2024-11003: needrestart - Qualys discovered that needrestart, before version 3.8, passes unsanitized data ...↗2024 🕵️Threat Intelligence
5QualysMitigate High-Risk Vulnerabilities Using TruRisk | Qualys↗2024-12-04 QualysProactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™↗2024-12-04 BleepingcomputerUbuntu Linux impacted by decade-old 'needrestart' flaw that gives root↗2024-11-20 QualysQualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart↗2024-11-19 QualysQualys TRU Uncovers 5 Local Privilege Escalation Flaws | Qualys↗2024-11-19