Iproute2 Project Iproute2 vulnerabilities

CVE-2019-20795 [MEDIUM] CWE-416 CVE-2019-20795: iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.

CVE-2012-1088 [LOW] CWE-59 CVE-2012-1088: iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temp iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.