Apport Project Apport vulnerabilities
50 known vulnerabilities affecting apport_project/apport.
Total CVEs: 50
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: HIGH 24, MEDIUM 21, LOW 5
Vulnerabilities
Page 3 of 3
CVE-2019-11482 | P4 | MEDIUM | CVSS 4.7 | ≥ 0, < 2.14.1-0ubuntu3.29+esm2; ≥ 0, < 2.20.1-0ubuntu2.20; +1 more | 2019-10-29
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
osv
CVE-2022-28654 | P4 | MEDIUM | CVSS 5.5 | CWE-770 | fixed in 2.21.0 | 2024-06-04
is_closing_session() allows users to fill up apport.log
nvd, osv
CVE-2022-28656 | P4 | MEDIUM | CVSS 5.5 | CWE-770 | fixed in 2.21.0 | 2024-06-04
is_closing_session() allows users to consume RAM in the Apport process
nvd, osv
CVE-2020-15701 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm5; ≥ 0, < 2.20.1-0ubuntu2.24; +2 more | 2020-05-13
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
osv
CVE-2022-28652 | P4 | MEDIUM | CVSS 5.5 | CWE-776 | fixed in 2.21.0 | 2024-06-04
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
nvd, osv
CVE-2019-15790 | P4 | LOW | CVSS 3.3 | ≥ 0, < 2.14.1-0ubuntu3.29+esm2; ≥ 0, < 2.20.1-0ubuntu2.20; +1 more | 2019-10-29
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could
osv
CVE-2021-32556 | P4 | LOW | CVSS 3.3 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7; ≥ 0, < 2.20.1-0ubuntu2.30+esm1; +2 more | 2021-05-25
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
osv
CVE-2019-11483 | P4 | LOW | CVSS 3.3 | ≥ 0, < 2.14.1-0ubuntu3.29+esm2; ≥ 0, < 2.20.1-0ubuntu2.20; +1 more | 2019-10-29
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.
osv
CVE-2019-11485 | P4 | LOW | CVSS 3.3 | ≥ 0, < 2.14.1-0ubuntu3.29+esm2; ≥ 0, < 2.20.1-0ubuntu2.20; +1 more | 2019-10-29
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
osv
CVE-2020-11936 | LOW | CVSS 3.1 | ≥ 0, < 2.14.1-0ubuntu3.29+esm5 | 2020-09-02
apport vulnerabilities
USN-4449-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Ryota Shiga working with Trend Micro's Zero Day Initiative, discovered that
Apport incorrectly dropped privileges when making certain D-Bus calls. A
local attacker could use this issue to read arbitrary files.
(CVE-2020-11936)
Seong-Joong Kim discovered that Apport incorrectly pars
osv