CVE-2024-29068

CWE-20Improper Input Validation11 documents6 sources
Severity
6.6MEDIUM
EPSS
0.0%
top 92.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical SnapdGithub.com Snapcore/snapd
Timeline
PublishedJul 25
Latest updateJan 13

Description

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to bloc

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:HExploitability: 0.6 | Impact: 5.2

Affected Packages4 packages

CVEListV5canonical/snapd< 2.62
NVDcanonical/snapd< 2.62
Debiansnapd< 2.62-1+1

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

7
OSV
snapd vulnerabilities2025-01-13
OSV
snapd failed to properly check the file type when extracting a snap in github.com/snapcore/snapd2024-08-06
OSV
snapd vulnerabilities2024-08-01
CVEList
snapd non-regular file indefinite blocking read2024-07-25
OSV
CVE-2024-29068: In snapd versions prior to 22024-07-25

📋Vendor Advisories

3
Ubuntu
snapd vulnerabilities2025-01-13
Ubuntu
snapd vulnerabilities2024-08-01
Debian
CVE-2024-29068: snapd - In snapd versions prior to 2.62, snapd failed to properly check the file type wh...2024
CVE-2024-29068 (MEDIUM CVSS 6.6) | In snapd versions prior to 2.62 | cvebase.io