CVE-2024-36587

2024-06-1300:00:00

mitre

github.com

dnscrypt-proxy

insecure permissions

non-privileged attackers

privilege escalation

binary overwrite

AI Score

7.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dnscrypt:dnscrypt-proxy:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dnscrypt",
    "product": "dnscrypt-proxy",
    "versions": [
      {
        "status": "affected",
        "version": "v2.0.0alpha9",
        "versionType": "custom",
        "lessThanOrEqual": "v2.1.5"
      }
    ],
    "defaultStatus": "unknown"
  }
]