Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "2.37.1"
}
],
"source": "CPE_RANGE",
"vendor_product": "canonical:snapd",
"cpes": [
"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "14.04"
},
{
"last_affected": "14.04"
},
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
},
{
"introduced": "18.10"
},
{
"last_affected": "18.10"
}
],
"source": "CPE_STRING",
"vendor_product": "canonical:ubuntu_linux",
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"
]
}
]
}