Snyk test report
- quay.io/argoproj/argocd:v3.1.15/argoproj/argocd/Dockerfile (deb)
- quay.io/argoproj/argocd:v3.1.15/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)
- quay.io/argoproj/argocd:v3.1.15//usr/local/bin/kustomize (gomodules)
- quay.io/argoproj/argocd:v3.1.15/helm/v3//usr/local/bin/helm (gomodules)
- quay.io/argoproj/argocd:v3.1.15/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
Incorrect Authorization
Detailed paths
Overview
Affected versions of this package are vulnerable to Incorrect Authorization in the processing of HTTP/2 :path pseudo-headers in handleStream(). An attacker can gain unauthorized access to restricted resources by sending requests with malformed :path headers that omit the leading slash. This is only exploitable if the server uses path-based authorization interceptors, has deny rules that use canonical paths with leading slashes, and has a fallback allow rule in its policy.
Workaround
This vulnerability can be mitigated by adding a validating interceptor that rejects requests with malformed paths, configuring infrastructure (such as reverse proxies) to enforce strict HTTP/2 compliance, or switching to a default-deny authorization policy.
Remediation
Upgrade google.golang.org/grpc to version 1.79.3 or higher.
References
Untrusted Search Path
Detailed paths
Overview
Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes ioreg, when the PATH environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.
Note: This vulnerability is only exploitable on MacOS/Darwin systems.
Remediation
Upgrade go.opentelemetry.io/otel/sdk/resource to version 1.40.0 or higher.
References
Untrusted Search Path
Detailed paths
Overview
Affected versions of this package are vulnerable to Untrusted Search Path through the hostIDReaderBSD.read function in sdk/resource/host_id.go. An attacker can execute a malicious kenv binary by placing it earlier in $PATH and triggering host ID detection on BSD or Solaris systems when /etc/hostid is absent. When an application initializes OpenTelemetry resource detection under those conditions, it runs the attacker-controlled command in the application's context, allowing local code execution and compromising the process running the Go application.
Remediation
Upgrade go.opentelemetry.io/otel/sdk/resource to version 1.43.0 or higher.
References
Allocation of Resources Without Limits or Throttling
Detailed paths
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains within the allowed size limit.
Remediation
Upgrade go.opentelemetry.io/otel/propagation to version 1.41.0 or higher.
References
Allocation of Resources Without Limits or Throttling
Detailed paths
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains within the allowed size limit.
Remediation
Upgrade go.opentelemetry.io/otel/internal/global to version 1.41.0 or higher.
References
Uncaught Exception
Detailed paths
Overview
Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption (JWE) object with a key wrapping algorithm (ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW') and the encrypted_key field is empty. An attacker can cause a panic and disrupt service by submitting a crafted JWE object with an empty encrypted_key field or by directly invoking cipher.KeyUnwrap with a ciphertext parameter less than 16 bytes long.
Note:
This is only exploitable if the list of accepted key algorithms includes key wrapping algorithms.
Workaround
This vulnerability can be mitigated by prevalidating JWE objects to ensure the encrypted_key field is nonempty, or by excluding key wrapping algorithms from the list of accepted key algorithms.
Remediation
Upgrade github.com/go-jose/go-jose/v4 to version 4.1.4 or higher.
References
Time-of-check Time-of-use (TOCTOU)
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream util-linux package and not the util-linux package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.
Remediation
There is no fixed version for Ubuntu:24.04 util-linux.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-27456
- https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4
- https://github.com/util-linux/util-linux/releases/tag/v2.41.4
- https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g
Directory Traversal
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
Remediation
There is no fixed version for Ubuntu:24.04 tar.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582
- https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md
- https://www.gnu.org/software/tar/
- https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html
- https://www.gnu.org/software/tar/manual/html_node/Integrity.html
- https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html
- http://www.openwall.com/lists/oss-security/2025/11/01/6
Unrestricted Upload of File with Dangerous Type
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.
Remediation
There is no fixed version for Ubuntu:24.04 tar.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-5704
- https://access.redhat.com/security/cve/CVE-2026-5704
- https://bugzilla.redhat.com/show_bug.cgi?id=2455360
- http://www.openwall.com/lists/oss-security/2026/04/11/10
- http://www.openwall.com/lists/oss-security/2026/04/11/11
- http://www.openwall.com/lists/oss-security/2026/04/12/2
Directory Traversal
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Remediation
There is no fixed version for Ubuntu:24.04 pam.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8941
- https://access.redhat.com/security/cve/CVE-2025-8941
- https://bugzilla.redhat.com/show_bug.cgi?id=2388220
- https://access.redhat.com/errata/RHSA-2025:14557
- https://access.redhat.com/errata/RHSA-2025:15100
- https://access.redhat.com/errata/RHSA-2025:15104
- https://access.redhat.com/errata/RHSA-2025:15107
- https://access.redhat.com/errata/RHSA-2025:15099
- https://access.redhat.com/errata/RHSA-2025:15101
- https://access.redhat.com/errata/RHSA-2025:15102
- https://access.redhat.com/errata/RHSA-2025:15103
- https://access.redhat.com/errata/RHSA-2025:15105
- https://access.redhat.com/errata/RHSA-2025:15106
- https://access.redhat.com/errata/RHSA-2025:15709
- https://access.redhat.com/errata/RHSA-2025:15828
- https://access.redhat.com/errata/RHSA-2025:15827
- https://access.redhat.com/errata/RHSA-2025:16524
- https://access.redhat.com/errata/RHSA-2025:18219
- https://access.redhat.com/errata/RHSA-2025:17181
- https://access.redhat.com/errata/RHSA-2025:21885
Inefficient Algorithmic Complexity
Detailed paths
Overview
golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.
Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the html.Parse function due to quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Remediation
Upgrade golang.org/x/net/html to version 0.45.0 or higher.
References
Infinite loop
Detailed paths
Overview
golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.
Affected versions of this package are vulnerable to Infinite loop via the html.Parse function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially crafted HTML input that triggers an infinite parsing loop.
Remediation
Upgrade golang.org/x/net/html to version 0.45.0 or higher.
References
Improper Verification of Cryptographic Signature
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
Remediation
There is no fixed version for Ubuntu:24.04 gnupg2.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-68972
- https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
- https://news.ycombinator.com/item?id=46404339
- https://gpg.fail/formfeed
CVE-2026-4437
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.
Remediation
There is no fixed version for Ubuntu:24.04 glibc.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-4437
- https://sourceware.org/bugzilla/show_bug.cgi?id=34014
CVE-2026-4438
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.
Remediation
There is no fixed version for Ubuntu:24.04 glibc.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-4438
- https://sourceware.org/bugzilla/show_bug.cgi?id=34015
CVE-2026-4046
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.
This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.
Remediation
There is no fixed version for Ubuntu:24.04 glibc.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-4046
- https://sourceware.org/bugzilla/show_bug.cgi?id=33980
- https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD
- https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u
Improper Validation of Specified Type of Input
Detailed paths
Overview
Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the calls plugin when handling websocket messages containing malformed msgpack frames. An attacker can cause the server to consume excessive memory and crash by sending specially crafted websocket requests.
Remediation
There is no fixed version for github.com/vmihailenco/msgpack/v5.
References
Improper Validation of Integrity Check Value
Detailed paths
Overview
Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value for .idx and .pack files. An attacker can cause the application to consume corrupted files, leading to unexpected errors, due to checksums not being checked in the loadIdxFile() function.
Workaround
This vulnerability can be mitigated by running 'git fsck' from the git CLI to check for data corruption on a given repository.
Remediation
Upgrade github.com/go-git/go-git/v5/storage/filesystem to version 5.16.5 or higher.
References
Insufficiently Protected Credentials
Detailed paths
Overview
Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences() function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication credentials by controlling a redirect target, and those credentials may be reused on other endpoints or attempted against other repositories owned by the victim. This is only exploitable if the client interacts with untrusted or misconfigured remote servers, or uses HTTP (not HTTPS) connections.
Remediation
Upgrade github.com/go-git/go-git/v5/plumbing/transport/http to version 5.18.0 or higher.
References
Allocation of Resources Without Limits or Throttling
Detailed paths
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of .idx files. An attacker with write access to the local repository's .git directory can exhaust system memory by introducing a maliciously crafted .idx file into the .git directory.
Remediation
Upgrade github.com/go-git/go-git/v5/plumbing/format/index to version 5.17.1 or higher.
References
Improper Validation of Array Index
Detailed paths
Overview
Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process by supplying a maliciously crafted .git/index file that triggers an out-of-bounds slice operation during index parsing.
Remediation
Upgrade github.com/go-git/go-git/v5/plumbing/format/index to version 5.17.1 or higher.
References
Improper Encoding or Escaping of Output
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.
Remediation
There is no fixed version for Ubuntu:24.04 git.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005
- https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329
- https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net
Algorithmic Complexity
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Remediation
There is no fixed version for Ubuntu:24.04 expat.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-66382
- https://github.com/libexpat/libexpat/issues/1076
- http://www.openwall.com/lists/oss-security/2025/12/02/1
CVE-2026-2219
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream dpkg package and not the dpkg package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
Remediation
There is no fixed version for Ubuntu:24.04 dpkg.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-2219
- https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313
- https://bugs.debian.org/1129722
CVE-2024-56433
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
Remediation
There is no fixed version for Ubuntu:24.04 shadow.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433
- https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241
- https://github.com/shadow-maint/shadow/issues/1157
- https://github.com/shadow-maint/shadow/releases/tag/4.4
Release of Invalid Pointer or Reference
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
Remediation
There is no fixed version for Ubuntu:24.04 patch.
References
Double Free
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
Remediation
There is no fixed version for Ubuntu:24.04 patch.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952
- https://security-tracker.debian.org/tracker/CVE-2018-6952
- https://security.gentoo.org/glsa/201904-17
- https://savannah.gnu.org/bugs/index.php?53133
- https://access.redhat.com/errata/RHSA-2019:2033
- http://www.securityfocus.com/bid/103047
Covert Timing Channel
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Remediation
There is no fixed version for Ubuntu:24.04 libgcrypt20.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
- https://access.redhat.com/errata/RHSA-2024:9404
- https://bugzilla.redhat.com/show_bug.cgi?id=2268268
- https://access.redhat.com/errata/RHSA-2025:3534
- https://access.redhat.com/errata/RHSA-2025:3530
- https://access.redhat.com/security/cve/CVE-2024-2236
- https://bugzilla.redhat.com/show_bug.cgi?id=2245218
Out-of-bounds Write
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Remediation
There is no fixed version for Ubuntu:24.04 gnupg2.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219
- https://access.redhat.com/security/cve/CVE-2022-3219
- https://bugzilla.redhat.com/show_bug.cgi?id=2127010
- https://dev.gnupg.org/D556
- https://dev.gnupg.org/T5993
- https://marc.info/?l=oss-security&m=165696590211434&w=4
- https://security.netapp.com/advisory/ntap-20230324-0001/
Allocation of Resources Without Limits or Throttling
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Remediation
There is no fixed version for Ubuntu:24.04 glibc.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013
- https://akkadia.org/drepper/SHA-crypt.txt
- https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
- https://twitter.com/solardiz/status/795601240151457793
Improper Input Validation
Detailed paths
NVD Description
Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.04 relevant fixed versions and status.
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Remediation
There is no fixed version for Ubuntu:24.04 coreutils.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781
- https://security-tracker.debian.org/tracker/CVE-2016-2781
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- http://www.openwall.com/lists/oss-security/2016/02/28/2
- http://www.openwall.com/lists/oss-security/2016/02/28/3
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E