OpenCVE

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Iproute2 Project	Iproute2

Configuration 1 [-]

cpe:2.3:a:iproute2_project:iproute2:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1171452
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
https://nvd.nist.gov/vuln/detail/CVE-2019-20795
https://security.gentoo.org/glsa/202008-06
https://usn.ubuntu.com/4357-1/
https://www.cve.org/CVERecord?id=CVE-2019-20795

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-09T20:16:02

Updated: 2024-08-05T02:53:09.086Z

Reserved: 2020-05-09T00:00:00

Link: CVE-2019-20795

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-05-09T21:15:10.913

Modified: 2024-11-21T04:39:22.943

Link: CVE-2019-20795

Redhat

Severity : Low

Publid Date: 2019-05-05T00:00:00Z

Links: CVE-2019-20795 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-08T05:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171452"}, {"name": "USN-4357-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4357-1/"}, {"name": "GLSA-202008-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202008-06"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20795", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1171452", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171452"}, {"name": "USN-4357-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4357-1/"}, {"name": "GLSA-202008-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202008-06"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:53:09.086Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171452"}, {"name": "USN-4357-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4357-1/"}, {"name": "GLSA-202008-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202008-06"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20795", "datePublished": "2020-05-09T20:16:02", "dateReserved": "2020-05-09T00:00:00", "dateUpdated": "2024-08-05T02:53:09.086Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iproute2_project:iproute2:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC4FC016-3F6F-4D90-989D-7F32E560A9D4", "versionEndExcluding": "5.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability."}, {"lang": "es", "value": "iproute2 versiones anteriores a 5.1.0, presenta un uso de la memoria previamente liberada en la funci\u00f3n get_netnsid_from_name en el archivo ip/ipnetns.c. NOTA: la relevancia para la seguridad puede limitarse a ciertos usos del setuid que, aunque no es un valor predeterminado, a veces es una opci\u00f3n de configuraci\u00f3n ofrecida a los usuarios finales. Incluso cuando se utiliza setuid, otros factores (como la configuraci\u00f3n de la biblioteca C) pueden bloquear la posibilidad de explotaci\u00f3n."}], "id": "CVE-2019-20795", "lastModified": "2024-11-21T04:39:22.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-09T21:15:10.913", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171452"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202008-06"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4357-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202008-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4357-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "iproute: use-after-free in get_netnsid_from_name in ip/ipnetns.c", "id": "1868211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868211"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.", "A use-after-free flaw was found in iproute in the network namespace management component of the ip command-line utility. This flaw allows a local attacker to crash the program while displaying network namespaces. The highest threat from this vulnerability is to system availability."], "name": "CVE-2019-20795", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "iproute", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "iproute", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "iproute", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "iproute", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2019-05-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-20795\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20795"], "statement": "This issue affects the versions of `iproute` as shipped with Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 8 is not affected by this flaw.\nThis flaw has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 5 is now in the Extended Life Phase of the support and maintenance life cycle. Red Hat Enterprise Linux 6 is now in the Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low", "upstream_fix": "iproute2 5.1.0"}