CVE-2024-11003

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-11003

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11003.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-11003

Related

Published

2024-11-19T18:15:19Z

Modified

2024-11-22T06:05:11.839306Z

Summary

[none]

Details

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.

References

Affected packages

Debian:11 / needrestart

Package

Name: needrestart
Purl: pkg:deb/debian/needrestart?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5-4+deb11u4

Affected versions

3.*

3.5-4

3.5-4+deb11u1

3.5-4+deb11u2

3.5-4+deb11u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / needrestart

Package

Name: needrestart
Purl: pkg:deb/debian/needrestart?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6-4+deb12u2

Affected versions

3.*

3.6-4

3.6-4+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / needrestart

Package

Name: needrestart
Purl: pkg:deb/debian/needrestart?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7-3.1

Affected versions

3.*

3.6-4

3.6-5

3.6-6

3.6-7

3.6-8

3.7-1

3.7-2

3.7-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/liske/needrestart

Affected ranges

Type: GIT
Repo: https://github.com/liske/needrestart
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0f80a348883f72279a859ee655f58da34babefb0

Affected versions

Other

untagged-8041ea07bb5db92f7693

v0.*

v0.1

v0.2

v0.3

v0.4

v0.5

v0.6

v0.7

v0.8

v0.9

v1.*

v1.0

v1.1

v1.2

v2.*

v2.0

v2.1

v2.10

v2.11

v2.2

v2.3

v2.4

v2.5

v2.6

v2.7

v2.8

v2.9

v3.*

v3.0

v3.1

v3.2

v3.3

v3.4

v3.5

v3.6

v3.7