CVE-2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
flatpakflatpak
𝑥
< 0.8.9
flatpakflatpak
0.9.1 ≤
𝑥
≤ 0.9.99
flatpakflatpak
0.10.0 ≤
𝑥
< 0.10.3
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
flatpak
bullseye (security)
1.10.8-0+deb11u2
fixed
bullseye
1.10.8-0+deb11u2
fixed
bookworm
1.14.10-1~deb12u1
fixed
bookworm (security)
1.14.10-1~deb12u1
fixed
sid
1.14.10-1
fixed
trixie
1.14.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
flatpak
bionic
not-affected
artful
ignored
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:2766
https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6
https://github.com/flatpak/flatpak/releases/tag/0.10.3
https://github.com/flatpak/flatpak/releases/tag/0.8.9
https://access.redhat.com/errata/RHSA-2018:2766
https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6
https://github.com/flatpak/flatpak/releases/tag/0.10.3
https://github.com/flatpak/flatpak/releases/tag/0.8.9