PT-2022-20231 · Unknown+2 · Needrestart+2
Jakub Wilk · Published 2022-05-17 · Updated 2023-08-08 · CVE-2022-30688
CVSS v3.1: 7.8 High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
needrestart versions 0.8 through 3.5 before 3.6
Description
needrestart is affected by a local privilege escalation. The regexes it uses to detect Perl, Python, and Ruby interpreters are not anchored, which allows a local user to escalate privileges when needrestart checks whether interpreters are using old source files.
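The difference between an unanchored and an anchored interpreter check, as an added example that is not needrestart's own code: both patterns are hypothetical stand-ins for the regexes the description refers to, and the executable paths are constructed. The audit function lists the paths that only the unanchored check accepts as an interpreter.

```python
import re

# Hypothetical patterns for illustration; not copied from needrestart's source.
INTERPRETER = r"/usr/(local/)?bin/(perl|python|ruby)"
UNANCHORED = re.compile(INTERPRETER)            # may match anywhere in the path
ANCHORED = re.compile(INTERPRETER + r"[\d.]*")  # used with fullmatch() below


def classify_unanchored(exe_path):
    """Weak check: search() accepts the pattern at any offset in the path."""
    m = UNANCHORED.search(exe_path)
    return m.group(2) if m else None


def classify_anchored(exe_path):
    """Hardened check: the entire path must be a system interpreter path,
    optionally followed by a version suffix such as 3 or 3.10."""
    m = ANCHORED.fullmatch(exe_path)
    return m.group(2) if m else None


def audit(paths):
    """Return the paths the weak check treats as an interpreter
    but the hardened check rejects."""
    return [p for p in paths
            if classify_unanchored(p) and not classify_anchored(p)]


# Constructed executable paths, as a privileged checker might read them
# from a process table.
SAMPLE_PATHS = [
    "/usr/bin/python3.10",           # system interpreter with version suffix
    "/usr/local/bin/ruby",           # locally installed interpreter
    "/usr/bin/perl",                 # system interpreter
    "/home/alice/usr/bin/python3",   # pattern appears mid-path
    "/usr/bin/perl-wrapper/helper",  # pattern is only a prefix
    "/bin/bash",                     # not an interpreter of interest
]

if __name__ == "__main__":
    for path in audit(SAMPLE_PATHS):
        print("accepted only by the unanchored check:", path)
```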
Recommendations
For versions 0.8 through 3.5 before 3.6, update to version 3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the regex detection feature for Perl, Python, and Ruby interpreters until a patch is available.
Fix
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Needrestart