CVE-2022-30688 Information

Jun 07, 2022 cve

Description

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl Python and Ruby interpreters are not anchored allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.openwall.com/lists/oss-security/2022/05/17/9 https://github.com/liske/needrestart/releases/tag/v3.6 https://lists.debian.org/debian-security-announce/2022/msg00105.html https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 http://www.openwall.com/lists/oss-security/2022/05/17/9 https://www.debian.org/security/2022/dsa-5137 https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8

Share on: