Vulnerability Details : CVE-2021-3709
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3.
Vulnerability category: Directory traversal
Products affected by CVE-2021-3709
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu18:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu19:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu20:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu21:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu22:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu23:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu24:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu25:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu26:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.2:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.3:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.4:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.5:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu2:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu3:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu4:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu5:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu6:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.2:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.3:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.4:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.5:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.6:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.8:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.9:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.11:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.12:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.13:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.14:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.15:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.2:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.4:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.5:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.6:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.8:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.9:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.12:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.13:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.14:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.15:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.16:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.17:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.18:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.19:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.20:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.21:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.22:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.23:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu2:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.2:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.3:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.4:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.5:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.6:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.8:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.9:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.11:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.12:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.13:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.14:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.15:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.16:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.17:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.18:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.19:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.20:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.21:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.23:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.24:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.25:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.27:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.28:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29\+esm7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.25:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.26:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.27:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.28:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30\+esm1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.16:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.17:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.18:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.19:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.20:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.21:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.23:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.24:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.6:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.8:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.9:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.11:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.12:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.13:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.14:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.16:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.17:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.18:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu28:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu29:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu30:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu31:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu32:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu33:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu34:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu35:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu36:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu37:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu38:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu39:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu40:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu41:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu42:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu43:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu44:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu45:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu46:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu47:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu48:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu49:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.2:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.3:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.5:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu51:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu52:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu53:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu54:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu55:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu56:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu57:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu58:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu59:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu60:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu61:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu62:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu63:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu64:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3709
EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
Percentile: ~32% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-3709
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 2.0 | 4.0 | Canonical Ltd. | |
CWE ids for CVE-2021-3709
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Assigned by: nvd@nist.gov (Primary)
- The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. Assigned by: security@ubuntu.com (Secondary)
References for CVE-2021-3709
- https://ubuntu.com/security/notices/USN-5077-1
  USN-5077-1: Apport vulnerabilities | Ubuntu security notices | Ubuntu (Vendor Advisory)
- https://ubuntu.com/security/notices/USN-5077-2
  USN-5077-2: Apport vulnerabilities | Ubuntu security notices | Ubuntu (Vendor Advisory)
- https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308
  Bug #1934308 “Arbitrary file read in general hook (ubuntu.py)” : Bugs : apport package : Ubuntu (Exploit; Vendor Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709
  CVE - CVE-2021-3709 (Third Party Advisory)