1.9
CVE-2025-5467
- EPSS 0.01%
- Veröffentlicht 10.12.2025 18:00:35
- Zuletzt bearbeitet 12.12.2025 15:18:42
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCanonical
≫
Produkt
apport
Default Statusunaffected
Version <
2.20.11-0ubuntu82.7
Version
2.20.11-0ubuntu82
Status
affected
Version <
2.32.0-0ubuntu5.1
Version
2.32.0
Status
affected
Version <
2.20.9-0ubuntu7.29+esm1
Version
2.20.9
Status
affected
Version <
2.28.1-0ubuntu3.6
Version
2.28.1
Status
affected
Version <
2.33.0-0ubuntu1
Version
2.33.0
Status
affected
Version <
2.20.1-0ubuntu2.30+esm5
Version
2.20.1
Status
affected
Version <
2.20.11-0ubuntu27.28
Version
2.20.11-0ubuntu27
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.016 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@ubuntu.com | 1.9 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-708 Incorrect Ownership Assignment
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.