Apport Project Apport vulnerabilities
50 known vulnerabilities affecting apport_project/apport.
Total CVEs: 50
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: HIGH 24, MEDIUM 21, LOW 5
Vulnerabilities
Page 2 of 3
CVE-2021-25682 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2.14.1-0ubuntu3.29+esm6; ≥ 0, < 2.20.1-0ubuntu2.30; +2 more | 2021-02-02
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
osv
CVE-2021-25683 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2.14.1-0ubuntu3.29+esm6; ≥ 0, < 2.20.1-0ubuntu2.30; +2 more | 2021-02-02
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
osv
CVE-2021-32557 | P4 | HIGH | CVSS 7.1 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
osv
CVE-2022-28655 | P4 | HIGH | CVSS 7.1 | CWE-770 | fixed in 2.21.0 | 2024-06-04
is_closing_session() allows users to create arbitrary tcp dbus connections
nvd, osv
CVE-2019-7307 | P4 | HIGH | CVSS 7.0 | CWE-367 | v2.14.1; v2.20.1; +2 more | 2019-08-29
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of t
nvd, osv
CVE-2020-8831 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm4 | 2020-06-15
apport vulnerabilities
USN-4315-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Maximilien Bourgeteau discovered that the Apport lock file was created with
insecure permissions. This could allow a local attacker to escalate their
privileges via a symlink attack. (CVE-2020-8831)
Maximilien Bourgeteau discovered a race condition in Apport when setting
crash re
osv
CVE-2021-3709 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm8; ≥ 0, < 2.20.1-0ubuntu2.30+esm2; +2 more | 2021-09-14
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions pr
osv
CVE-2021-3710 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm8; ≥ 0, < 2.20.1-0ubuntu2.30+esm2; +2 more | 2021-09-14
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
osv
CVE-2022-28658 | P4 | MEDIUM | CVSS 5.5 | fixed in 2.21.0 | 2024-06-04
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
nvd, osv
CVE-2020-8833 | P4 | MEDIUM | CVSS 4.7 | ≥ 0, < 2.14.1-0ubuntu3.29+esm4; ≥ 0, < 2.20.1-0ubuntu2.23; +2 more | 2020-04-02
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size
osv
CVE-2021-32551 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
osv
CVE-2021-32555 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.
osv
CVE-2021-32549 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
osv
CVE-2021-32553 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
osv
CVE-2021-32547 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
osv
CVE-2021-32554 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.
osv
CVE-2021-32548 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
osv
CVE-2021-32552 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
osv
CVE-2021-32550 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
osv
CVE-2025-5054 | P4 | MEDIUM | CVSS 4.7 | ≥ 0, < 2.20.1-0ubuntu2.30+esm5; ≥ 0, < 2.20.9-0ubuntu7.29+esm1; +3 more | 2025-05-29
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Beca
osv