Canonical Ltd. Apport vulnerabilities
10 known vulnerabilities affecting canonical_ltd./apport.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 4
Vulnerabilities
CVE-2022-28653 | HIGH | CVSS 7.5 | fixed in 2.21.0 | 2025-01-31
Users can consume unlimited disk space in /var/crash
cvelistv5, nvd
CVE-2022-28657 | HIGH | CVSS 7.8 | CWE-400 | fixed in 2.21.0 | 2024-06-04
Apport does not disable python crash handler before entering chroot
cvelistv5, nvd
CVE-2022-28655 | HIGH | CVSS 7.1 | CWE-770 | fixed in 2.21.0 | 2024-06-04
is_closing_session() allows users to create arbitrary tcp dbus connections
cvelistv5, nvd
CVE-2022-28656 | MEDIUM | CVSS 5.5 | CWE-770 | fixed in 2.21.0 | 2024-06-04
is_closing_session() allows users to consume RAM in the Apport process
cvelistv5, nvd
CVE-2022-28652 | MEDIUM | CVSS 5.5 | CWE-776 | fixed in 2.21.0 | 2024-06-04
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
cvelistv5, nvd
CVE-2022-28654 | MEDIUM | CVSS 5.5 | CWE-770 | fixed in 2.21.0 | 2024-06-04
is_closing_session() allows users to fill up apport.log
cvelistv5, nvd
CVE-2022-28658 | MEDIUM | CVSS 5.5 | fixed in 2.21.0 | 2024-06-04
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
cvelistv5, nvd
CVE-2022-1242 | HIGH | CVSS 7.8 | CWE-20 | fixed in 2.21.0 | 2024-06-03
Apport can be tricked into connecting to arbitrary sockets as the root user
cvelistv5, nvd
CVE-2021-3899 | HIGH | CVSS 7.8 | CWE-367 | fixed in 2.21.0 | 2024-06-03
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute arbitrary code as root.
cvelistv5, nvd
CVE-2023-1326 | HIGH | CVSS 7.8 | CWE-269 | ≤ 2.26.0 | 2023-04-13
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrat
cvelistv5, nvd