VYPR

needrestart

by Qualitor

CVEs (2)

  • CVE-2024-11003HigNov 19, 2024
    risk 0.01cvss 7.8epss 0.12

    Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.

  • CVE-2024-48991HigNov 19, 2024
    risk 0.00cvss 7.8epss 0.05

    Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial…