CVE-2016-8659

containers/bubblewrap

on github

Published

February 13, 2017

Severity

CVSS v3:

7 HIGH

CVSS v2:

6.9 MEDIUM

Description

Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.

References

https://github.com/projectatomic/bubblewrap/issues/107
http://www.openwall.com/lists/oss-security/2016/10/13/4
http://www.openwall.com/lists/oss-security/2016/10/12/5
http://www.securityfocus.com/bid/93542

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:bubblewrap_project:bubblewrap::::::::	n/a	0.1.1 (including)	*

External Links

NVD - CVE-2016-8659