CVE-2021-3709

Published: 14 September 2021

The function check_attachment_for_errors() in the file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3.

Priority

Medium

CVSS 3 base score: 5.5

Status

| Package | Release | Status |
|---|---|---|
| apport (Launchpad, Ubuntu, Debian) | Upstream | Needs triage |
| | Ubuntu 21.10 (Impish Indri) | Released (2.20.11-0ubuntu69) |
| | Ubuntu 21.04 (Hirsute Hippo) | Released (2.20.11-0ubuntu65.3) |
| | Ubuntu 20.04 LTS (Focal Fossa) | Released (2.20.11-0ubuntu27.20) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Released (2.20.9-0ubuntu7.26) |
| | Ubuntu 16.04 ESM (Xenial Xerus) | Released (2.20.1-0ubuntu2.30+esm2) |
| | Ubuntu 14.04 ESM (Trusty Tahr) | Released (2.14.1-0ubuntu3.29+esm8) |