2 matches found
CVE-2021-42341
CVE-2021-42341 concerns OpenRC: in versions prior to 0.44.7, checkpath allocates strings based on strlen() output without reserving space for the terminating ‘\0’, causing memory corruption. The vulnerability was introduced in commit 63db2d99e730547339d1bdd28e8437999c380cae as part of OpenRC 0.44...
CVE-2018-21269
CVE-2018-21269 affects OpenRC up to version 0.42.1. The vulnerability arises in the checkpath logic where a non-terminal path component can be a symlink, allowing a local user to take ownership of arbitrary files. Affected: OpenRC 0.42.1 and earlier. Impact: local privilege escalation via file ow...