CVE-2019-20795

NameCVE-2019-20795
Descriptioniproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
iproute2 (PTS)stretch4.9.0-1+deb9u1fixed
buster4.20.0-2vulnerable
bullseye, sid5.8.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iproute2sourcejessie(not affected)
iproute2sourcestretch(not affected)
iproute2source(unstable)5.2.0-1

Notes

[buster] - iproute2 <no-dsa> (Minor issue)
[stretch] - iproute2 <not-affected> (Vulnerable code introduced later)
[jessie] - iproute2 <not-affected> (Vulnerable code introduced later)
Fixed by: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 (v5.1.0)
Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0)

Search for package or bug name: Reporting problems