Vulnerability Details CVE-2019-20795
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.1%
CVSS Severity
CVSS v3 Score 4.4
CVSS v2 Score 2.1
References
- https://bugzilla.suse.com/show_bug.cgi?id=1171452
- https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
- https://security.gentoo.org/glsa/202008-06
- https://usn.ubuntu.com/4357-1/
- https://bugzilla.suse.com/show_bug.cgi?id=1171452
- https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
- https://security.gentoo.org/glsa/202008-06
- https://usn.ubuntu.com/4357-1/
Products affected by CVE-2019-20795
-
cpe:2.3:a:iproute2_project:iproute2:-
-
cpe:2.3:a:iproute2_project:iproute2:3.0.0
-
cpe:2.3:a:iproute2_project:iproute2:3.1.0
-
cpe:2.3:a:iproute2_project:iproute2:3.10.0
-
cpe:2.3:a:iproute2_project:iproute2:3.11.0
-
cpe:2.3:a:iproute2_project:iproute2:3.12.0
-
cpe:2.3:a:iproute2_project:iproute2:3.14.0
-
cpe:2.3:a:iproute2_project:iproute2:3.15.0
-
cpe:2.3:a:iproute2_project:iproute2:3.16.0
-
cpe:2.3:a:iproute2_project:iproute2:3.17.0
-
cpe:2.3:a:iproute2_project:iproute2:3.18.0
-
cpe:2.3:a:iproute2_project:iproute2:3.19.0
-
cpe:2.3:a:iproute2_project:iproute2:3.2.0
-
cpe:2.3:a:iproute2_project:iproute2:3.3.0
-
cpe:2.3:a:iproute2_project:iproute2:3.4.0
-
cpe:2.3:a:iproute2_project:iproute2:3.5.0
-
cpe:2.3:a:iproute2_project:iproute2:3.5.1
-
cpe:2.3:a:iproute2_project:iproute2:3.6.0
-
cpe:2.3:a:iproute2_project:iproute2:3.7.0
-
cpe:2.3:a:iproute2_project:iproute2:3.8.0
-
cpe:2.3:a:iproute2_project:iproute2:3.9.0
-
cpe:2.3:a:iproute2_project:iproute2:4.0.0
-
cpe:2.3:a:iproute2_project:iproute2:4.1.0
-
cpe:2.3:a:iproute2_project:iproute2:4.1.1
-
cpe:2.3:a:iproute2_project:iproute2:4.10.0
-
cpe:2.3:a:iproute2_project:iproute2:4.11.0
-
cpe:2.3:a:iproute2_project:iproute2:4.12.0
-
cpe:2.3:a:iproute2_project:iproute2:4.13.0
-
cpe:2.3:a:iproute2_project:iproute2:4.14.0
-
cpe:2.3:a:iproute2_project:iproute2:4.14.1
-
cpe:2.3:a:iproute2_project:iproute2:4.15.0
-
cpe:2.3:a:iproute2_project:iproute2:4.16.0
-
cpe:2.3:a:iproute2_project:iproute2:4.17.0
-
cpe:2.3:a:iproute2_project:iproute2:4.18.0
-
cpe:2.3:a:iproute2_project:iproute2:4.19.0
-
cpe:2.3:a:iproute2_project:iproute2:4.2.0
-
cpe:2.3:a:iproute2_project:iproute2:4.20.0
-
cpe:2.3:a:iproute2_project:iproute2:4.3.0
-
cpe:2.3:a:iproute2_project:iproute2:4.4.0
-
cpe:2.3:a:iproute2_project:iproute2:4.5.0
-
cpe:2.3:a:iproute2_project:iproute2:4.6.0
-
cpe:2.3:a:iproute2_project:iproute2:4.7.0
-
cpe:2.3:a:iproute2_project:iproute2:4.8.0
-
cpe:2.3:a:iproute2_project:iproute2:4.9.0
-
cpe:2.3:a:iproute2_project:iproute2:5.0.0
-
cpe:2.3:o:canonical:ubuntu_linux:18.04