CVE-2018-6560

EUVD-2018-18311
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
flatpakflatpak
𝑥
< 0.8.9
flatpakflatpak
0.9.1 ≤
𝑥
≤ 0.9.99
flatpakflatpak
0.10.0 ≤
𝑥
< 0.10.3
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
flatpak
bookworm
1.14.10-1~deb12u1
fixed
bookworm (security)
1.14.10-1~deb12u1
fixed
bullseye
1.10.8-0+deb11u2
fixed
bullseye (security)
1.10.8-0+deb11u2
fixed
sid
1.14.10-1
fixed
trixie
1.14.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
flatpak
artful
ignored
bionic
not-affected
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:2766
https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6
https://github.com/flatpak/flatpak/releases/tag/0.10.3
https://github.com/flatpak/flatpak/releases/tag/0.8.9
https://access.redhat.com/errata/RHSA-2018:2766
https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6
https://github.com/flatpak/flatpak/releases/tag/0.10.3
https://github.com/flatpak/flatpak/releases/tag/0.8.9