Description
When a program is executed in the bubblewrap sandbox, the non-privileged session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
References (7)
Core References
Issue Tracking, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
Exploit, Patch, Vendor Advisory
https://github.com/projectatomic/bubblewrap/issues/142
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/97260
Mailing List
http://www.openwall.com/lists/oss-security/2020/07/10/1
Mailing List
http://www.openwall.com/lists/oss-security/2023/03/17/1
Scores
CVSS v3: 10.0
EPSS: 0.1038
EPSS Percentile: 93.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-20
Status: published
Products (1): projectatomic/bubblewrap < 0.1.5
Published: Mar 29, 2017
Tracked Since: Feb 18, 2026