CVE-2017-5226

EUVD-2017-14331
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
projectatomicbubblewrap
𝑥
≤ 0.1.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bubblewrap
bookworm
0.8.0-2+deb12u1
fixed
bookworm (security)
0.8.0-2+deb12u1
fixed
bullseye
0.4.1-3
fixed
sid
0.11.0-1
fixed
trixie
0.11.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bubblewrap
artful
ignored
bionic
not-affected
precise
dne
trusty
dne
xenial
dne
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
http://www.securityfocus.com/bid/97260
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
https://github.com/projectatomic/bubblewrap/issues/142
https://www.openwall.com/lists/oss-security/2023/03/14/2
http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
http://www.securityfocus.com/bid/97260
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
https://github.com/projectatomic/bubblewrap/issues/142
https://www.openwall.com/lists/oss-security/2023/03/14/2