CVE-2018-6560
Description
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.094
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2018:2766) flatpak security update flatpak-0.8.8-4.el7_5.x86_64.rpm | Linux |
| (RHSA-2018:2766) flatpak security update flatpak-builder-0.8.8-4.el7_5.x86_64.rpm | Linux |
| (RHSA-2018:2766) flatpak security update flatpak-devel-0.8.8-4.el7_5.x86_64.rpm | Linux |
| (RHSA-2018:2766) flatpak security update flatpak-libs-0.8.8-4.el7_5.x86_64.rpm | Linux |
| Flatpak-builder update (ELSA-2018-2766) flatpak-builder-0.8.8-4.el7_5.x86_64.rpm | Linux |
| Flatpak-devel update (ELSA-2018-2766) flatpak-devel-0.8.8-4.el7_5.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234