CVE-2018-6560

HIGH

Flatpak < 0.8.9 - Interpretation Conflict

Description

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. The proxy sits between a sandboxed application and the host's D-Bus daemon and is the only component that restricts which bus names and methods the application may reach; when it parses the same bytes differently from the daemon it is protecting (CWE-436, Interpretation Conflict), an application can send traffic that the proxy treats as harmless but the daemon acts on. The attack is local (AV:L, PR:L): the attacker must already be running code inside a Flatpak sandbox that has been granted proxied access to a bus.
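The following is an added example, not Flatpak's code, that models the bug class the description names: a filtering proxy and the daemon behind it each decide whether a line of the text-based D-Bus authentication exchange ends authentication, and they disagree on trailing whitespace. The modelling assumption (the page only states that whitespace handling differed) is that the decisive line is the "BEGIN" command, that the daemon tokenises on space or tab while the proxy demands an exact match, and that everything the proxy still believes is authentication text is forwarded without inspection. Function names and the transcript lines are constructed for the example.

```c
/* Added example (not Flatpak's code): interpretation conflict between a
 * filtering proxy and the daemon it protects.  Both see the same bytes of
 * the text auth phase; the daemon switches to the binary message protocol
 * on a tolerant "BEGIN", the vulnerable proxy only on an exact one.
 * Modelling assumption: see the lead-in; this is not Flatpak's parser. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Daemon side (assumed behaviour): the command is the first token, so
 * trailing spaces/tabs before the line end are ignored. */
static bool daemon_is_begin(const char *line)
{
    size_t n = strcspn(line, " \t\r\n");
    return n == 5 && strncmp(line, "BEGIN", 5) == 0;
}

/* Vulnerable proxy: the whole line up to CRLF must equal "BEGIN", so
 * "BEGIN\t\r\n" is not recognised and the proxy stays in auth mode. */
static bool proxy_is_begin_vulnerable(const char *line)
{
    size_t n = strcspn(line, "\r\n");
    return n == 5 && strncmp(line, "BEGIN", 5) == 0;
}

/* Hardened proxy: reuse the daemon's tokenisation instead of keeping a
 * second parser that merely tends to agree with it. */
static bool proxy_is_begin_fixed(const char *line)
{
    return daemon_is_begin(line);
}

/* Index of the first line each side treats as BEGIN (-1 if none).  Lines
 * after that index are binary messages as far as that side is concerned. */
typedef struct {
    int daemon_switch;
    int proxy_switch;
} switch_points;

static switch_points run_transcript(const char *const *lines, size_t count,
                                    bool (*proxy_check)(const char *))
{
    switch_points sp = { -1, -1 };
    for (size_t i = 0; i < count; i++) {
        if (sp.daemon_switch < 0 && daemon_is_begin(lines[i]))
            sp.daemon_switch = (int)i;
        if (sp.proxy_switch < 0 && proxy_check(lines[i]))
            sp.proxy_switch = (int)i;
    }
    return sp;
}

/* True when the daemon is already executing binary messages while the
 * proxy still forwards them as uninspected "authentication" text. */
static bool proxy_bypassed(switch_points sp)
{
    return sp.daemon_switch >= 0 &&
           (sp.proxy_switch < 0 || sp.proxy_switch > sp.daemon_switch);
}

/* Constructed transcripts.  "31303030" is the hex-encoded uid "1000". */
static const char *const CRAFTED[] = {
    "AUTH EXTERNAL 31303030\r\n",
    "NEGOTIATE_UNIX_FD\r\n",
    "BEGIN\t\r\n",                          /* trailing tab: the conflict */
    "<binary message the proxy never filters>",
};
static const char *const NORMAL[] = {
    "AUTH EXTERNAL 31303030\r\n",
    "BEGIN\r\n",
    "<binary message>",
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

bool crafted_bypasses_vulnerable_proxy(void)
{
    return proxy_bypassed(run_transcript(CRAFTED, COUNT(CRAFTED),
                                         proxy_is_begin_vulnerable));
}

bool crafted_bypasses_fixed_proxy(void)
{
    return proxy_bypassed(run_transcript(CRAFTED, COUNT(CRAFTED),
                                         proxy_is_begin_fixed));
}

bool normal_bypasses_vulnerable_proxy(void)
{
    return proxy_bypassed(run_transcript(NORMAL, COUNT(NORMAL),
                                         proxy_is_begin_vulnerable));
}

int main(void)
{
    printf("crafted vs vulnerable proxy: bypass=%d\n", crafted_bypasses_vulnerable_proxy());
    printf("crafted vs fixed proxy:      bypass=%d\n", crafted_bypasses_fixed_proxy());
    printf("normal  vs vulnerable proxy: bypass=%d\n", normal_bypasses_vulnerable_proxy());
    return 0;
}
```

The check a reviewer would apply to any such proxy follows from the example: the proxy must not carry its own copy of a grammar the daemon also parses. Either both sides share one tokeniser, or the proxy rejects any input it cannot prove the daemon will interpret identically (here, a BEGIN line with anything but CRLF after the token).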

Scores

CVSS v3 8.8
EPSS 0.0009
EPSS Percentile 25.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-436 (Interpretation Conflict)
Status published
Products (8)
flatpak/flatpak < 0.8.9
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.6
redhat/enterprise_linux_server_eus 7.5
redhat/enterprise_linux_server_eus 7.6
redhat/enterprise_linux_server_tus 7.6
redhat/enterprise_linux_workstation 7.0
Published Feb 02, 2018
Tracked Since Feb 18, 2026