ubuntucve | Ubuntu.com | UB:CVE-2024-33901
May 20, 2024 - 12:00 a.m.

CVE-2024-33901


AI Score: 6.2 Medium (Confidence: Low)
EPSS: 0 Low (Percentile: 0.0%)

DISPUTED Issue in KeePassXC 2.7.7 allows an attacker (who has the
privileges of the victim) to recover some passwords stored in the .kdbx
database via a memory dump. NOTE: the vendor disputes this because
memory-management constraints make this unavoidable in the current design
and other realistic designs.

Notes

Priority reason: Mitigated by default ptrace restrictions in Ubuntu

Author: alexmurray
Note: This vulnerability requires the attacker to dump the memory of the keepassxc process - in Ubuntu the default ptrace restrictions ensure that in general this cannot be done by other processes even belonging to the same user, which lowers the severity of this vulnerability.
