CVE-2019-7304

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7304

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7304.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-7304

Related

Published

2019-04-23T16:29:10Z

Modified

2025-01-08T06:29:12.173543Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

References

Affected packages

Debian:11 / snapd

Package

Name: snapd
Purl: pkg:deb/debian/snapd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.37.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / snapd

Package

Name: snapd
Purl: pkg:deb/debian/snapd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.37.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / snapd

Package

Name: snapd
Purl: pkg:deb/debian/snapd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.37.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/snapcore/snapd

Affected ranges

Type: GIT
Repo: https://github.com/snapcore/snapd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4a0dbb587dbf3bf8026d01930858442e9d10d68a

Affected versions

0.*

0.1-0ubuntu1

0.2

0.2.10

0.2.11

0.2.12

0.2.13

0.2.3

0.2.4

0.2.8

0.2.9

1.*

1.0-0ubuntu1

1.0.1

1.0.1-0ubuntu1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.2

1.0.20

1.0.21

1.0.22

1.0.23

1.0.24

1.0.25

1.0.25.1

1.0.26

1.0.27

1.0.28

1.0.29

1.0.3

1.0.30

1.0.31

1.0.32

1.0.33

1.0.34

1.0.35

1.0.36

1.0.37

1.0.38

1.0.39

1.0.4

1.0.40

1.0.41

1.0.42

1.0.42.1

1.0.43

1.0.44

1.0.5

1.0.6

1.0.8

1.0.9

1.1-0ubuntu1

1.1.1-0ubuntu1

1.1.2-0ubuntu1

1.2-0ubuntu1

1.3ubuntu1

1.4ubuntu1

1.5ubuntu1

1.6ubuntu1

1.7.2+20160113ubuntu1

1.7.2+20160204ubuntu1

1.7.2+20160223ubuntu1

1.7.2ubuntu1

1.7.3+20160225ubuntu1

1.7.3+20160303ubuntu1

1.7.3+20160303ubuntu2

1.7.3+20160303ubuntu3

1.7.3+20160303ubuntu4

1.7.3+20160308ubuntu1

1.7.3+20160310ubuntu1

1.7ubuntu1

1.9

1.9.1

1.9.2

1.9.3

1.9.4

2.*

2.0

2.0.10

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.8.1

2.0.9

2.11

2.12

2.13

2.14

2.14.1

2.14.2.16.04

2.15

2.15.1

2.15.2

2.17

2.17.1

2.18

2.18.1

2.19

2.20

2.20.1

2.21

2.22

2.22.1

2.22.2

2.22.3

2.22.4

2.22.5

2.22.6

2.22.7

2.23

2.23.1

2.24

2.25

2.26

2.26.1

2.26.10

2.26.13

2.26.14

2.26.2

2.26.3

2.26.4

2.26.5

2.26.6

2.26.8

2.26.9

2.27

2.27.1

2.27.2

2.27.3

2.27.4

2.27.5

2.27.6

2.28

2.28.1

2.28.2

2.28.3

2.28.4

2.28.5

2.29

2.29.1

2.29.2

2.29.3

2.29.3.1

2.29.4

2.29.4.1

2.30

2.31

2.31.1

2.31.2

2.32

2.32.1

2.32.2

2.32.3

2.32.3.2

2.32.4

2.32.5

2.32.6

2.32.7

2.32.8

2.32.9

2.33

2.33.1

2.34

2.34.1

2.34.2

2.34.3

2.35

2.35.1

2.35.2

2.35.4

2.35.5

2.36

2.36.1

2.36.2

2.36.3

2.37

Other

ppa

untagged-ec50ee5bfb45daefc236