Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1janFmLTg3N3AtN20zZs4AA4Qp
snapd Race Condition vulnerability
Race condition in snap-confine's must_mkdir_and_open_with_perms()
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1janFmLTg3N3AtN20zZs4AA4Qp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 11 months ago
Updated: 14 days ago
CVSS Score: 7.9
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Identifiers: GHSA-cjqf-877p-7m3f, CVE-2022-3328
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-3328
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328
- https://ubuntu.com/security/notices/USN-5753-1
- https://github.com/snapcore/snapd/pull/12380
- https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e
- https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d
- https://github.com/advisories/GHSA-cjqf-877p-7m3f
Blast Radius: 13.2
Affected Packages
go:github.com/snapcore/snapd
Dependent packages: 36Dependent repositories: 47
Downloads:
Affected Version Ranges: < 2.57.6
Fixed in: 2.57.6
All affected versions:
All unaffected versions: