First published: Tue May 17 2022 (Updated: )
needrestart versions 0.8 through 3.5 (all releases before 3.6) are prone to local privilege escalation. The regular expressions used to detect the Perl, Python, and Ruby interpreters are not anchored, so a local user can escalate privileges when needrestart tries to detect whether running interpreters are using old source files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Needrestart Project Needrestart | >=0.8 <3.6 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| debian/needrestart | 3.4-5+deb10u1, 3.5-4+deb11u3, 3.5-4+deb11u1, 3.6-4, 3.6-5 | |
CVE-2022-30688 is a vulnerability in needrestart versions 0.8 through 3.5 (all releases before 3.6) that allows a local user to escalate privileges.
CVE-2022-30688 arises because needrestart does not anchor the regular expressions it uses to detect the Perl, Python, and Ruby interpreters, which allows local privilege escalation.
needrestart versions 0.8 through 3.5 (before 3.6), as well as Debian Linux versions 9.0, 10.0, and 11.0, are affected by CVE-2022-30688.
CVE-2022-30688 has a severity score of 7.8, which is considered high.
To fix CVE-2022-30688, update to needrestart version 3.6 or later.
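The flaw described above is a regex-anchoring bug: a pattern such as `perl` with no `^`/`$` anchors matches any string that merely contains that substring, so a process whose executable lives outside the system interpreter directories can still be classified as "the Perl interpreter". The following Python snippet is an added example written for this page; it is not needrestart's own (Perl) code and does not reproduce its actual patterns. It contrasts an unanchored detector with an anchored one over a constructed list of `argv[0]` values, and the trusted-directory list in `ANCHORED` is an assumption chosen for illustration.

```python
import re
from typing import Callable, List

# Constructed sample argv[0] values, as a scanner might read them from
# /proc/<pid>/cmdline. These are illustrative assumptions, not data taken
# from the needrestart project.
SAMPLE_ARGV0 = [
    "/usr/bin/perl",
    "/usr/bin/python3.9",
    "/usr/local/bin/ruby2.7",
    "/home/alice/bin/perl",   # user-writable path whose basename happens to be "perl"
    "/tmp/build/python",      # same idea: outside any trusted directory
    "/usr/bin/perlbrew",      # system tool whose name merely contains "perl"
]

# Weak pattern: no anchors, so any substring hit counts as a detection.
UNANCHORED = re.compile(r"(perl|python[0-9.]*|ruby[0-9.]*)")

# Hardened pattern: the whole string must be a trusted directory plus an
# interpreter basename. The directory list is an assumption for this example.
ANCHORED = re.compile(r"^/usr/(?:local/)?bin/(?:perl|python[0-9.]*|ruby[0-9.]*)$")


def is_interpreter_unanchored(argv0: str) -> bool:
    """Vulnerable-style check: substring search anywhere in argv[0]."""
    return UNANCHORED.search(argv0) is not None


def is_interpreter_anchored(argv0: str) -> bool:
    """Hardened check: full-string match against trusted interpreter paths."""
    return ANCHORED.fullmatch(argv0) is not None


def flagged(argv0_list: List[str], detector: Callable[[str], bool]) -> List[str]:
    """Return the argv[0] values the given detector would classify as an interpreter."""
    return [a for a in argv0_list if detector(a)]


if __name__ == "__main__":
    print("unanchored:", flagged(SAMPLE_ARGV0, is_interpreter_unanchored))
    print("anchored:  ", flagged(SAMPLE_ARGV0, is_interpreter_anchored))
```

With the unanchored pattern all six entries are flagged, including the two paths under user control and the unrelated `perlbrew` binary; the anchored pattern accepts only the three system interpreters. When reviewing similar scanners, the check to look for is exactly this: a `fullmatch`-style (or `^...$`-anchored) comparison against a fixed set of trusted paths rather than a free-floating `search`.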