CVE-2022-30688
PUBLISHED
CVSS 7.8 HIGH
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
EPSS 0.05% · 16.5th percentile
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.05%
16.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| needrestart_project | needrestart | 0.8 |
| debian | debian_linux | 9.0, 10.0, 11.0 |
Exploit Intelligence
- http://seclists.org/fulldisclosure/2024/Nov/17 (circl)
- http://seclists.org/fulldisclosure/2024/Nov/15 (circl)
- https://github.com/liske/needrestart/releases/tag/v3.6 (circl)
- https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (circl)
- https://lists.debian.org/debian-security-announce/2022/msg00105.html (circl)
- https://www.openwall.com/lists/oss-security/2022/05/17/9 (circl)
- [oss-security] 20220517 CVE-2022-30688: needrestart 0.8+ local privilege escalation (circl)
- DSA-5137 (circl)
- [debian-lts-announce] 20220518 [SECURITY] [DLA 3013-1] needrestart security update (circl)
- needrestart Local Privilege Escalation Vulnerability (0day-today)
…and 1 more exploits
Timeline
- May 17, 2022 CVE Published
- May 18, 2022 EPSS Score
- Jul 6, 2022 EPSS Score
- Aug 25, 2022 EPSS Score
- Oct 13, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Jan 19, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 9, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 15, 2023 EPSS Score
- Aug 3, 2023 EPSS Score
References
- https://github.com/liske/needrestart/releases/tag/v3.6 url
- https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 url
- https://lists.debian.org/debian-security-announce/2022/msg00105.html url
- https://www.openwall.com/lists/oss-security/2022/05/17/9 url
- [oss-security] 20220517 CVE-2022-30688: needrestart 0.8+ local privilege escalation mailing-list
- DSA-5137 vendor-advisory
- [debian-lts-announce] 20220518 [SECURITY] [DLA 3013-1] needrestart security update mailing-list
- http://seclists.org/fulldisclosure/2024/Nov/17 url
- http://seclists.org/fulldisclosure/2024/Nov/15 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-30688 advisory