Skip to main content

Bubblewrap

4 CVEs product

Monthly

CVE-2020-5291 HIGH PATCH This Week

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Debian Information Disclosure Bubblewrap Debian Linux Arch Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-12439 HIGH PATCH This Week

bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Bubblewrap
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-5226 CRITICAL POC PATCH THREAT Act Now

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Information Disclosure Bubblewrap
NVD GitHub
CVSS 3.0
10.0
EPSS
10.4%
CVE-2016-8659 HIGH PATCH This Week

Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. Rated high severity (CVSS 7.0).

Privilege Escalation Bubblewrap
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Debian Information Disclosure Bubblewrap +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Bubblewrap
NVD GitHub
EPSS 10% CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Information Disclosure Bubblewrap
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. Rated high severity (CVSS 7.0).

Privilege Escalation Bubblewrap
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy