Your submission was sent successfully! Close

CVE-2022-29799

Published: 27 April 2022

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.

Priority

High

CVSS 3 base score: 5.5

Status

Package Release Status
networkd-dispatcher
Launchpad, Ubuntu, Debian
bionic
Released (1.7-0ubuntu3.5)
focal
Released (2.1-2~ubuntu20.04.3)
impish
Released (2.1-2ubuntu0.21.10.2)
jammy
Released (2.1-2ubuntu0.22.04.2)
upstream Pending
(2.2.2)
Patches:
upstream: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/074ff68f08d64a963a13e3cfc4fb3e3fb9006dfe
upstream: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/652b32f17ad37c49ef098f352424f97f9b8aa031