Libcap
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1390 | Med | 0.40 | 6.1 | 0.00 | Feb 18, 2025 | The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability… | ||
| CVE-2026-4878 | Med | 0.37 | 6.7 | 0.00 | Apr 9, 2026 | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an… | ||
| CVE-2023-2602 | 0.00 | — | 0.00 | Jun 6, 2023 | A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. | |||
| CVE-2023-2603 | 0.00 | — | 0.01 | Jun 6, 2023 | A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. | |||
| CVE-2011-4099 | 0.00 | — | 0.00 | Feb 8, 2014 | The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. |
- risk 0.40cvss 6.1epss 0.00
The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability…
- risk 0.37cvss 6.7epss 0.00
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an…
- CVE-2023-2602Jun 6, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.
- CVE-2023-2603Jun 6, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
- CVE-2011-4099Feb 8, 2014risk 0.00cvss —epss 0.00
The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.