CVE-2019-20795

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
iproute2_projectiproute2
𝑥
< 5.1.0
canonicalubuntu_linux
18.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
iproute2
bullseye
5.10.0-4
fixed
buster
no-dsa
stretch
not-affected
jessie
not-affected
bookworm
6.1.0-3
fixed
sid
6.11.0-1
fixed
trixie
6.11.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
iproute2
focal
not-affected
eoan
not-affected
bionic
Fixed 4.15.0-2ubuntu1.1
released
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1171452
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
https://security.gentoo.org/glsa/202008-06
https://usn.ubuntu.com/4357-1/
https://bugzilla.suse.com/show_bug.cgi?id=1171452
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
https://security.gentoo.org/glsa/202008-06
https://usn.ubuntu.com/4357-1/