Unrated severityNVD Advisory· Published May 9, 2020· Updated Aug 5, 2024
CVE-2019-20795
CVE-2019-20795
Description
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- iproute2/iproute2description
- Range: <5.1.0
- osv-coords3 versionspkg:rpm/suse/iproute2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/iproute2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/iproute2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 4.12-16.6.1+ 2 more
- (no CPE)range: < 4.12-16.6.1
- (no CPE)range: < 4.12-16.6.1
- (no CPE)range: < 4.12-16.6.1
Patches
Vulnerability mechanics
References
4- security.gentoo.org/glsa/202008-06mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4357-1/mitrevendor-advisoryx_refsource_UBUNTU
- bugzilla.suse.com/show_bug.cgimitrex_refsource_MISC
- git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.