Lucene search

PRIOn knowledge basePRION:CVE-2022-30688

HistoryMay 17, 2022 - 7:15 p.m.

Privilege escalation

2022-05-1719:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
debian_linuxeq11.0
needrestartge0.8
needrestartlt3.6

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
debian_linux	eq	11.0
needrestart	ge	0.8
needrestart	lt	3.6

References

www.openwall.com/lists/oss-security/2022/05/17/9

github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30

github.com/liske/needrestart/releases/tag/v3.6

lists.debian.org/debian-lts-announce/2022/05/msg00024.html

lists.debian.org/debian-security-announce/2022/msg00105.html

www.debian.org/security/2022/dsa-5137