CVE-2019-10063

2019-03-2614:29:00

Debian Security Bug Tracker

security-tracker.debian.org

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.5%

JSON

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.

OSVersionArchitecturePackageVersionFilename
Debian12allflatpak< 1.2.3-2flatpak_1.2.3-2_all.deb
Debian11allflatpak< 1.2.3-2flatpak_1.2.3-2_all.deb
Debian10allflatpak< 1.2.3-2flatpak_1.2.3-2_all.deb
Debian999allflatpak< 1.2.3-2flatpak_1.2.3-2_all.deb
Debian13allflatpak< 1.2.3-2flatpak_1.2.3-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	flatpak	< 1.2.3-2	flatpak_1.2.3-2_all.deb
Debian	11	all	flatpak	< 1.2.3-2	flatpak_1.2.3-2_all.deb
Debian	10	all	flatpak	< 1.2.3-2	flatpak_1.2.3-2_all.deb
Debian	999	all	flatpak	< 1.2.3-2	flatpak_1.2.3-2_all.deb
Debian	13	all	flatpak	< 1.2.3-2	flatpak_1.2.3-2_all.deb