In snapd versions prior to 2.62, snapd failed to properly check the file
type when extracting a snap. The snap format is a squashfs file-system
image and so can contain files that are non-regular files (such as pipes
or sockets etc). Various file entries within the snap squashfs image
(such as icons etc) are directly read by snapd when it is extracted. An
attacker who could convince a user to install a malicious snap which
contained non-regular files at these paths could then cause snapd to block
indefinitely trying to read from such files and cause a denial of service.
References
Link | Resource |
---|---|
https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 | Patch |
https://github.com/snapcore/snapd/pull/13682 | Issue Tracking Patch |
https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 | Patch |
https://github.com/snapcore/snapd/pull/13682 | Issue Tracking Patch |
Configurations
History
21 Nov 2024, 09:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 - Patch | |
References | () https://github.com/snapcore/snapd/pull/13682 - Issue Tracking, Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.8 |
26 Aug 2024, 17:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.6 |
CWE | NVD-CWE-noinfo | |
First Time |
Canonical
Canonical snapd |
|
References | () https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 - Patch | |
References | () https://github.com/snapcore/snapd/pull/13682 - Issue Tracking, Patch |
26 Jul 2024, 12:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Jul 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-25 20:15
Updated : 2024-11-21 09:07
NVD link : CVE-2024-29068
Mitre link : CVE-2024-29068
CVE.ORG link : CVE-2024-29068
JSON object : View
Products Affected
canonical
- snapd
CWE