CVE-2022-28657

2024-06-0422:15:10

CWE-400

[email protected]

web.nvd.nist.gov

apport

python crash handler

chroot

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.0%

JSON

Apport does not disable python crash handler before entering chroot

Affected configurations

Nvd

Node

apport_projectapportRange<2.21.0

Node

canonicalubuntu_linuxMatch18.04esm

canonicalubuntu_linuxMatch20.04lts

canonicalubuntu_linuxMatch21.10-

canonicalubuntu_linuxMatch22.04lts

VendorProductVersionCPE
apport_projectapport*cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
canonicalubuntu_linux21.10cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*
canonicalubuntu_linux22.04cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

Vendor	Product	Version	CPE
apport_project	apport	*	cpe:2.3:a:apport_project:apport::::::::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::
canonical	ubuntu_linux	20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
canonical	ubuntu_linux	21.10	cpe:2.3:o:canonical:ubuntu_linux:21.10::::-:::
canonical	ubuntu_linux	22.04	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::