Debian Security Bug TrackerDEBIANCVE:CVE-2019-13351CVE-2019-13351
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.2%
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a “double file descriptor close” issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | jackd2 | < 1.9.14~dfsg-0.1 | jackd2_1.9.14~dfsg-0.1_all.deb |
| Debian | 11 | all | jackd2 | < 1.9.14~dfsg-0.1 | jackd2_1.9.14~dfsg-0.1_all.deb |
| Debian | 10 | all | jackd2 | <= 1.9.12~dfsg-2 | jackd2_1.9.12~dfsg-2_all.deb |
| Debian | 999 | all | jackd2 | < 1.9.14~dfsg-0.1 | jackd2_1.9.14~dfsg-0.1_all.deb |
| Debian | 13 | all | jackd2 | < 1.9.14~dfsg-0.1 | jackd2_1.9.14~dfsg-0.1_all.deb |
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.2%