CVE-2024-33900
Publication date 20 May 2024
Last updated 24 July 2024
Ubuntu priority
** DISPUTED ** KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
Read the notes from the security team
Why is this CVE low priority?
Mitigated by default ptrace restrictions in Ubuntu
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| keepassxc | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
Notes
alexmurray
This vulnerability requires the attacker to dump the memory of the keepassxc process - in Ubuntu the default ptrace restrictions ensure that in general this cannot be done by other processes even belonging to the same user which lowers the severity of this vulnerability