In snapd versions prior to 2.62, snapd failed to properly check the file
type when extracting a snap. The snap format is a squashfs file-system
image and so can contain files that are non-regular files (such as pipes
or sockets etc). Various file entries within the snap squashfs image
(such as icons etc) are directly read by snapd when it is extracted. An
attacker who could convince a user to install a malicious snap which
contained non-regular files at these paths could then cause snapd to block
indefinitely trying to read from such files and cause a denial of service.
Metrics
Affected Vendors & Products
References
History
Mon, 26 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Canonical
Canonical snapd |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Canonical
Canonical snapd |
MITRE
Status: PUBLISHED
Assigner: canonical
Published: 2024-07-25T19:28:05.480Z
Updated: 2024-08-02T01:03:51.709Z
Reserved: 2024-03-14T23:09:12.771Z
Link: CVE-2024-29068
Vulnrichment
Updated: 2024-07-25T20:21:40.488Z
NVD
Status : Modified
Published: 2024-07-25T20:15:04.280
Modified: 2024-11-21T09:07:29.217
Link: CVE-2024-29068
Redhat
No data.