cvelist | Canonical | CVELIST:CVE-2021-25683
Jun 11, 2021 - 2:20 a.m.

CVE-2021-25683 apport improperly parses /proc/pid/stat

2021-06-11 02:20:19
CWE-20
canonical
www.cve.org
cve-2021-25683
apport
get_starttime function
kernel file parsing

CVSS3: 8.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 8.4
Confidence: High

EPSS: 0.001
Percentile: 18.5%

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

CNA Affected

[
  {
    "product": "apport",
    "vendor": "Canonical",
    "versions": [
      {
        "lessThan": "2.20.1-0ubuntu2.30",
        "status": "affected",
        "version": "2.20.1",
        "versionType": "custom"
      },
      {
        "lessThan": "2.20.9-0ubuntu7.23",
        "status": "affected",
        "version": "2.20.9",
        "versionType": "custom"
      },
      {
        "lessThan": "2.20.11-0ubuntu27.16",
        "status": "affected",
        "version": "2.20.11-0ubuntu27",
        "versionType": "custom"
      },
      {
        "lessThan": "2.20.11-0ubuntu50.5",
        "status": "affected",
        "version": "2.20.11-0ubuntu50",
        "versionType": "custom"
      }
    ]
  }
]
