CVE-2018-6560

HIGH

Flatpak < 0.8.9 and 0.9.x-0.10.x < 0.10.3 - Sandbox Escape via D-Bus Message Whitespace Handling

Title source: llm

Description

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_confirm

https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6

View Patch ZIP pw:eip

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2766

Release Notes x_refsource_confirm

https://github.com/flatpak/flatpak/releases/tag/0.10.3

Release Notes x_refsource_confirm

https://github.com/flatpak/flatpak/releases/tag/0.8.9

Scores

CVSS v3 8.8

EPSS 0.0042

EPSS Percentile 33.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-436

Status published

Products (8)

flatpak/flatpak < 0.8.9

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_server 7.0

redhat/enterprise_linux_server_aus 7.6

redhat/enterprise_linux_server_eus 7.5

redhat/enterprise_linux_server_eus 7.6

redhat/enterprise_linux_server_tus 7.6

redhat/enterprise_linux_workstation 7.0

Published Feb 02, 2018

Tracked Since Feb 18, 2026