Local Privilege Escalation Vulnerability in Needrestart by Liske
CVE-2022-30688

7.8HIGH

Key Information:

Vendor

Needrestart Project

Status
Needrestart
Vendor
CVE Published:
17 May 2022

What is CVE-2022-30688?

The Needrestart tool versions ranging from 0.8 to 3.5 have a local privilege escalation vulnerability. This issue stems from the use of unanchored regex patterns while detecting interpreters for Perl, Python, and Ruby. A local user can exploit this flaw to gain elevated privileges on the system when Needrestart checks for outdated source files used by these interpreters. To mitigate this risk, users are advised to upgrade to version 3.6 or later, which contains security improvements addressing this vulnerability.

References

https://github.com/liske/needrestart/releases/tag/v3.6
x_refsource_MISC
https://github.com/liske/needrestart/commit/e6e58136e1e3c...
x_refsource_MISC
https://lists.debian.org/debian-security-announce/2022/ms...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-30688 : Local Privilege Escalation Vulnerability in Needrestart by Liske