PT-2019-18479 · Keybase · Keybase

0Xcccc

Published

2019-01-31

Updated

2020-08-24

CVE-2019-7249

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Keybase versions prior to 2.12.6

Description The issue in Keybase allows one user of the system without root access to tamper with another's installs due to time-to-check-time-to-use bugs in the move RPC to the Helper.

Recommendations For versions prior to 2.12.6, update to version 2.12.6 or later to resolve the issue.

Exploit

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

CVE-2019-7249

Affected Products

Keybase

PT-2019-18479 · Keybase · Keybase

CVE-2019-7249

Weakness Enumeration

Related Identifiers

Affected Products

References · 5