CVE-2016-8659
on github
Published
Severity
CVSS v3:
7 HIGH
CVSS v2:
6.9 MEDIUM
Description
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:bubblewrap_project:bubblewrap:*:*:*:*:*:*:*:* | n/a | 0.1.1 (including) | * |