CVE-2017-5226

moderate-risk
Published 2017-03-29

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

Do I need to act?

!
10.4% chance of exploitation in next 30 days
EPSS score — higher than 90% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: d7fc532c42f0e9bf427923bab85433282b3e5117
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Projectatomic

References (14)

http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
Third Party Advisory http://www.securityfocus.com/bid/97260
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1411811
Patch https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab8543...
Exploit https://github.com/projectatomic/bubblewrap/issues/142
https://www.openwall.com/lists/oss-security/2023/03/14/2
http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
Third Party Advisory http://www.securityfocus.com/bid/97260
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1411811
Patch https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab8543...
Exploit https://github.com/projectatomic/bubblewrap/issues/142
https://www.openwall.com/lists/oss-security/2023/03/14/2
49
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 11/34 · Low
Exposure 5/34 · Minimal