Your submission was sent successfully! Close

CVE-2018-6560

Published: 02 February 2018

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

Priority

Unknown

CVSS 3 base score: 8.8

Status

Package Release Status
flatpak
Launchpad, Ubuntu, Debian
Upstream
Released (0.10.3-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.10.3-1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist