VYPR

apport-cli

by Canonical

CVEs (29)

  • CVE-2021-32557MedJun 12, 2021
    risk 0.34cvss 5.2epss 0.00

    It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

  • CVE-2025-5054MedMay 30, 2025
    risk 0.31cvss 4.7epss 0.01

    Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a…

  • CVE-2019-11482MedFeb 8, 2020
    risk 0.27cvss 4.2epss 0.00

    Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

  • CVE-2021-32556LowJun 12, 2021
    risk 0.25cvss 3.8epss 0.00

    It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

  • CVE-2019-11481LowFeb 8, 2020
    risk 0.25cvss 3.8epss 0.00

    Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.

  • CVE-2019-11485LowFeb 8, 2020
    risk 0.21cvss 3.3epss 0.00

    Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

  • CVE-2019-15790LowApr 28, 2020
    risk 0.18cvss 2.8epss 0.01

    Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read…

  • CVE-2025-5467Dec 10, 2025
    risk 0.00cvss epss 0.00

    It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.

  • CVE-2023-1326HigApr 13, 2023
    risk 0.00cvss 7.7epss 0.01

    A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local…

Page 2 of 2