CVE-2025-5467
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-17
Assigner: Canonical Ltd.
Description
Description
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canonical | apport | From 2.20.1-0ubuntu1 (inc) to 2.20.1-0ubuntu2.30 (inc) |
| canonical | apport | 4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-708 | The product assigns an owner to a resource, but the owner is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the process_crash() function in Canonical's Apport crash reporting tool, which may create crash files with incorrect group ownership. This misconfiguration can lead to crash information being exposed to groups beyond those originally intended or expected.
How can this vulnerability impact me? :
The vulnerability can lead to unintended exposure of sensitive crash information to unauthorized groups, potentially leaking diagnostic or system data that should remain restricted, thereby increasing the risk of information disclosure.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70