CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
projectatomicbubblewrap
𝑥
≤ 0.1.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bubblewrap
bullseye
0.4.1-3
fixed
bookworm
0.8.0-2+deb12u1
fixed
bookworm (security)
0.8.0-2+deb12u1
fixed
sid
0.11.0-1
fixed
trixie
0.11.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bubblewrap
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
dne
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
http://www.securityfocus.com/bid/97260
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
https://github.com/projectatomic/bubblewrap/issues/142
https://www.openwall.com/lists/oss-security/2023/03/14/2
http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
http://www.securityfocus.com/bid/97260
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
https://github.com/projectatomic/bubblewrap/issues/142
https://www.openwall.com/lists/oss-security/2023/03/14/2