Canonical Apport vulnerabilities

CVE-2025-5467 [LOW] CWE-708 CVE-2025-5467: It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.

CVE-2025-5054 [MEDIUM] CWE-362 CVE-2025-5054: Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensit Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to

CVE-2022-28653 [HIGH] CVE-2022-28653: Users can consume unlimited disk space in /var/crash Users can consume unlimited disk space in /var/crash

CVE-2022-1242 [HIGH] CWE-20 CVE-2022-1242: Apport can be tricked into connecting to arbitrary sockets as the root user Apport can be tricked into connecting to arbitrary sockets as the root user

CVE-2021-3899 [HIGH] CWE-367 CVE-2021-3899: There is a race condition in the 'replaced executable' detection that, with the correct local config There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

CVE-2023-1326 [HIGH] CWE-269 CVE-2023-1326: A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-202 A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrat

CVE-2021-3710 [MEDIUM] CWE-24 CVE-2021-3710: An information disclosure via path traversal was discovered in apport/hookutils.py function read_fil An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.2

CVE-2021-3709 [MEDIUM] CWE-538 CVE-2021-3709: Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into ex Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.

CVE-2021-32557 [MEDIUM] CWE-59 CVE-2021-32557: It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary f It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

CVE-2021-32548 [HIGH] CWE-59 CVE-2021-32548: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.

CVE-2021-32552 [HIGH] CWE-59 CVE-2021-32552: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.

CVE-2021-32547 [HIGH] CWE-59 CVE-2021-32547: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.

CVE-2021-32555 [HIGH] CWE-59 CVE-2021-32555: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

CVE-2021-32550 [HIGH] CWE-59 CVE-2021-32550: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.

CVE-2021-32549 [HIGH] CWE-59 CVE-2021-32549: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.

CVE-2021-32554 [HIGH] CWE-59 CVE-2021-32554: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

CVE-2021-32553 [HIGH] CWE-59 CVE-2021-32553: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

CVE-2021-32551 [HIGH] CWE-59 CVE-2021-32551: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.

CVE-2021-32556 [LOW] CWE-78 CVE-2021-32556: It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allow It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

CVE-2021-25682 [HIGH] CWE-20 CVE-2021-25682: It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/p It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.