CVE-2021-3709
Summary
| CVE | CVE-2021-3709 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-01 03:15:00 UTC |
| Updated | 2022-10-27 13:02:00 UTC |
| Description | Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Canonical | Apport | 2.14.1-0ubuntu1 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu2 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.1 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.10 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.11 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.12 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.13 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.14 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.15 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.16 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.17 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.18 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.19 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.2 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.20 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.21 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.23 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.24 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.25 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.27 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.28 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.29 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.29\+esm7 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.3 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.4 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.5 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.6 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.7 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.8 | All | All | All |
| Application | Canonical | Apport | 2.14.1-0ubuntu3.9 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu1 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.1 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.10 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.12 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.13 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.14 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.15 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.16 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.17 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.18 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.19 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.2 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.20 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.21 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.22 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.23 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.25 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.26 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.27 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.28 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.30 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.30\+esm1 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.4 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.5 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.6 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.7 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.8 | All | All | All |
| Application | Canonical | Apport | 2.20.1-0ubuntu2.9 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu10 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu11 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu12 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu13 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu14 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu15 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu16 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu17 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu18 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu19 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu20 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu21 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu22 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu23 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu24 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu25 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu26 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.10 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.11 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.12 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.13 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.14 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.16 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.17 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.18 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.2 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.3 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.4 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.5 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.6 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.7 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.8 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu27.9 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu28 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu29 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu30 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu31 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu32 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu33 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu34 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu35 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu36 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu37 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu38 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu39 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu40 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu41 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu42 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu43 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu44 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu45 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu46 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu47 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu48 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu49 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu50 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu50.1 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu50.2 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu50.3 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu50.5 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu50.7 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu51 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu52 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu53 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu54 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu55 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu56 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu57 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu58 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu59 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu60 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu61 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu62 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu63 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu64 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu65 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu65.1 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu8 | All | All | All |
| Application | Canonical | Apport | 2.20.11-0ubuntu9 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu1 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu2 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu3 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu4 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu5 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu6 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.1 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.10 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.11 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.12 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.13 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.14 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.15 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.16 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.17 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.18 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.19 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.2 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.20 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.21 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.23 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.24 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.3 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.4 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.5 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.6 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.7 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.8 | All | All | All |
| Application | Canonical | Apport | 2.20.9-0ubuntu7.9 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 21.04 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug #1934308 “Arbitrary file read in general hook (ubuntu.py)” : Bugs : apport package : Ubuntu | MISC | bugs.launchpad.net | |
| CVE - CVE-2021-3709 | MISC | cve.mitre.org | |
| USN-5077-1: Apport vulnerabilities | Ubuntu security notices | Ubuntu | MISC | ubuntu.com | |
| USN-5077-2: Apport vulnerabilities | Ubuntu security notices | Ubuntu | MISC | ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Maik Münch ([email protected])(@fktio)
Legacy QID Mappings
- 198499 Ubuntu Security Notification for Apport Vulnerabilities (USN-5077-1)