PT-2018-17635 · Flatpak+3 · Flatpak+3

Gabriel Campana

Published

2018-02-02

Updated

2019-10-03

CVE-2018-6560

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Flatpak versions prior to 0.8.9 Flatpak versions 0.9.x Flatpak versions 0.10.x prior to 0.10.3

Description The issue allows crafted D-Bus messages to the host to be used to break out of the sandbox. This is due to differences in whitespace handling between the proxy and the daemon.

Recommendations For versions prior to 0.8.9, update to version 0.8.9 or later. For versions 0.9.x, update to version 0.10.3 or later. For versions 0.10.x prior to 0.10.3, update to version 0.10.3 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-436

Related Identifiers

ALT-PU-2018-1133

CESA-2018_2766

CVE-2018-6560

MGASA-2018-0143

RHSA-2018:2766

RHSA-2018_2766

Affected Products

Alt Linux

Centos

Flatpak

Red Hat

PT-2018-17635 · Flatpak+3 · Flatpak+3

CVE-2018-6560

Weakness Enumeration

Related Identifiers

Affected Products

References · 16