CVE-2021-32554 HIGH

CVE-2021-32554: apport read_file() function could follow maliciously constructed symbolic links

Vendor Canonical
Product apport
Weakness CWE-59
Published June 12, 2021
Last update September 16, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01 Description

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

Key dates

02 Disclosure timeline

June 12, 2021 CVE published
September 16, 2024 Record updated