CVE-2022-1117

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1117

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1117.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-1117

Related

Published

2022-08-29T15:15:10Z

Modified

2024-05-14T11:07:50.373559Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.

References

Affected packages

Git / github.com/linux-application-whitelisting/fapolicyd

Affected ranges

Type: GIT
Repo: https://github.com/linux-application-whitelisting/fapolicyd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

38a942613f93824c53164730b2b7a2f75b8cd263

Affected versions

fapolicy-0.*

fapolicy-0.8.1

fapolicy-0.8.2

fapolicyd-0.*

fapolicyd-0.8

v0.*

v0.8

v0.8.10

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.7

v0.8.8

v0.8.9

v0.9

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v1.*

v1.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.1

v1.1.1