CVE-2021-25683 HIGH

CVE-2021-25683: apport improperly parses /proc/pid/stat

Vendor Canonical

Product apport

Weakness CWE-20 · Input validation

Published June 11, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

Key dates

02Disclosure timeline

June 11, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25683

Related vulnerabilities

Identifiers

CVE CVE-2021-25683

CWE CWE-20

CVSS 8.8 / HIGH

Affected versions

Vendor Canonical

Product apport

Affected ≥ 2.20.1 and < 2.20.1-0ubuntu2.30

Vendor Canonical

Product apport

Affected ≥ 2.20.9 and < 2.20.9-0ubuntu7.23

Vendor Canonical

Product apport

Affected ≥ 2.20.11-0ubuntu27 and < 2.20.11-0ubuntu27.16

Vendor Canonical

Product apport

Affected ≥ 2.20.11-0ubuntu50 and < 2.20.11-0ubuntu50.5

CVE-2021-25683: apport improperly parses /proc/pid/stat

01Description

02Disclosure timeline

03References

04Related CVE