CVE-2021-32549 HIGH

CVE-2021-32549: apport read_file() function could follow maliciously constructed symbolic links

Vendor Canonical
Product apport
Weakness CWE-59
Published June 12, 2021
Last update September 16, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01Description

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.

Key dates

02Disclosure timeline

June 12, 2021 CVE published
September 16, 2024 Record updated