You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
Vulnerable Library - iproute2v4.14.1
Iproute2 routing commands and utilities
Library home page: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
Vulnerable Source Files (1)
/vendor/iproute2-4.2.0/ip/ipnetns.c
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2019-20795
Vulnerable Library - iproute2v4.14.1
Iproute2 routing commands and utilities
Library home page: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
Found in base branch: main
Vulnerable Source Files (1)
/vendor/iproute2-4.2.0/ip/ipnetns.c
Vulnerability Details
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
Publish Date: 2020-05-09
URL: CVE-2019-20795
CVSS 3 Score Details (4.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20795
Release Date: 2020-09-10
Fix Resolution: v5.1.0
The text was updated successfully, but these errors were encountered: