CVE-2019-20795

EUVD-2019-11332
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
iproute2_projectiproute2
𝑥
< 5.1.0
canonicalubuntu_linux
18.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
iproute2
bookworm
6.1.0-3
fixed
bullseye
5.10.0-4
fixed
buster
no-dsa
jessie
not-affected
sid
6.11.0-1
fixed
stretch
not-affected
trixie
6.11.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
iproute2
bionic
Fixed 4.15.0-2ubuntu1.1
released
eoan
not-affected
focal
not-affected
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1171452
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
https://security.gentoo.org/glsa/202008-06
https://usn.ubuntu.com/4357-1/
https://bugzilla.suse.com/show_bug.cgi?id=1171452
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
https://security.gentoo.org/glsa/202008-06
https://usn.ubuntu.com/4357-1/