In Firejail before 0.9.60, the seccomp filters are writable from inside the jail. As a result, a process that is joined to the jail after an attacker has modified a filter does not get the intended seccomp restrictions.
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"67384363026242426742986726082890850129",
"19415567598975183596019452508667436159",
"130148424615959383458986732663975396341",
"202027948952345477571722551091106582240",
"87974669774181718622592430863085918492",
"321523673279560823851681095757410004807",
"187280022735004742100647671735448622911",
"8069271742313920031112158992276591838",
"19214700526563294267781882646734131594"
]
},
"target": {
"file": "src/firejail/sandbox.c"
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134",
"id": "CVE-2019-12589-3d6ae38b",
"deprecated": false
},
{
"digest": {
"length": 905.0,
"function_hash": "185338667876474185884415895026310874088"
},
"target": {
"file": "src/firejail/fs_lib.c",
"function": "fslib_copy_libs"
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134",
"id": "CVE-2019-12589-82644d56",
"deprecated": false
},
{
"digest": {
"length": 11535.0,
"function_hash": "39175738399954804034304960284434844156"
},
"target": {
"file": "src/firejail/sandbox.c",
"function": "sandbox"
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134",
"id": "CVE-2019-12589-8874a029",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"181295529527059301025130108654719039424",
"281713290536667111186861140124111849145",
"319265215379820672325204568265724420722",
"198553540468420987981228145493173222261"
]
},
"target": {
"file": "src/firejail/preproc.c"
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134",
"id": "CVE-2019-12589-bf447656",
"deprecated": false
},
{
"digest": {
"length": 1252.0,
"function_hash": "160347950863082451403219399017254734719"
},
"target": {
"file": "src/firejail/preproc.c",
"function": "preproc_mount_mnt_dir"
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134",
"id": "CVE-2019-12589-dc6895da",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"241379729169780835141105620300136314318",
"140670022831521536393275712435736562455",
"165790761023700795151404812636586624985",
"89242058394535355447115621840568165073"
]
},
"target": {
"file": "src/firejail/fs_lib.c"
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134",
"id": "CVE-2019-12589-f04da084",
"deprecated": false
}
]