Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the crehash script. A local attacker could possibly use this issue to execute arbitrary commands when crehash is run.
{ "binaries": [ { "binary_name": "libssl-dev", "binary_version": "1.1.1-1ubuntu2.1~18.04.19" }, { "binary_name": "libssl1.1", "binary_version": "1.1.1-1ubuntu2.1~18.04.19" }, { "binary_name": "openssl", "binary_version": "1.1.1-1ubuntu2.1~18.04.19" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "libssl1.0-dev", "binary_version": "1.0.2n-1ubuntu5.10" }, { "binary_name": "libssl1.0.0", "binary_version": "1.0.2n-1ubuntu5.10" }, { "binary_name": "openssl1.0", "binary_version": "1.0.2n-1ubuntu5.10" } ], "availability": "No subscription required" }