Описание
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 2.34.1-1 |
| bionic | not-affected | 2.34.1-1 |
| cosmic | not-affected | 2.34.1-1 |
| devel | not-affected | 2.34.1-1 |
| disco | not-affected | 2.34.1-1 |
| eoan | not-affected | 2.34.1-1 |
| esm-infra-legacy/trusty | not-affected | 2.34.1-1 |
| esm-infra/bionic | not-affected | 2.34.1-1 |
| esm-infra/focal | not-affected | 2.34.1-1 |
| esm-infra/xenial | not-affected | 2.34.1-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 0.14-1 |
| bionic | not-affected | 0.14-1 |
| cosmic | not-affected | 0.14-1 |
| devel | not-affected | 0.14-1 |
| disco | not-affected | 0.14-1 |
| eoan | not-affected | 0.14-1 |
| esm-apps/bionic | not-affected | 0.14-1 |
| esm-apps/focal | not-affected | 0.14-1 |
| esm-apps/xenial | not-affected | 0.14-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [0.14-1]] |
Показывать по
EPSS
6.9 Medium
CVSS2
Связанные уязвимости
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
libgio, when used in setuid or other privileged programs in spice-gtk ...
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
EPSS
6.9 Medium
CVSS2