MidnightBSD

Advisories for iproute2_project

CVE-2012-1088 LOW

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
iproute2_project iproute2 3.0.0
iproute2_project iproute2 *
iproute2_project iproute2 3.1.0
CVE-2019-20795 LOW

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,

Products Affected

Vendor Product Version
iproute2_project iproute2 *
canonical ubuntu_linux 18.04