CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-5226

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1250%
EPSS Percentile2.08th
Published2017年3月29日
Last Modified2026年5月13日

Vulnerability Description

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

Affected Platforms (CPE)

📦
Projectatomic

Bubblewrap

<= 0.1.5

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2020/07/10/1
🔗 http://www.openwall.com/lists/oss-security/2023/03/17/1
🔗 http://www.securityfocus.com/bid/97260
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1411811
🔗 https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
🔗 https://github.com/projectatomic/bubblewrap/issues/142
🔗 https://www.openwall.com/lists/oss-security/2023/03/14/2
🔗 http://www.openwall.com/lists/oss-security/2020/07/10/1

関連する脆弱性情報

CVE-2020-1375310.0

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOC...

CVE-2019-114609.0

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised t...

CVE-2019-114617.8

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the ...

CVE-2019-124397.4

bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations ...