CVE-2018-6560

Published February 2nd, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.6

MEDIUM

Affected

PROJECT

Description

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

flatpak/flatpak

Linux application sandboxing and distribution framework

GitHub

4.96K