Metric | Value |
---|---|
CVSS2 score | 7.2 High |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
AI Score | 6.9 Medium |
AI Score Confidence | Low |
EPSS | 0.0004 Low |
EPSS Percentile | 10.1% |

Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | libcgroup | < 0.37.1-1 | libcgroup_0.37.1-1_all.deb |
Debian | 11 | all | libcgroup | < 0.37.1-1 | libcgroup_0.37.1-1_all.deb |
Debian | 999 | all | libcgroup | < 0.37.1-1 | libcgroup_0.37.1-1_all.deb |
Debian | 13 | all | libcgroup | < 0.37.1-1 | libcgroup_0.37.1-1_all.deb |