Vulnerability Description
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Seatd Project | Seatd | >= 0.6.0, < 0.6.4 |
Related Weaknesses (CWE)
References
- https://github.com/kennylevinsen/seatd/commit/10658dc5439db429af0088295a051c5392
- https://github.com/kennylevinsen/seatd/commit/7cffe0797fdb17a9c08922339465b1b187
- https://github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4 (Release Notes, Third Party Advisory)
- https://github.com/kennylevinsen/seatd/tags (Third Party Advisory)
- https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.w (Third Party Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2022-25643
FAQ
What is CVE-2022-25643?
CVE-2022-25643 is a vulnerability with a CVSS score of 9.8 (CRITICAL). seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
How severe is CVE-2022-25643?
CVE-2022-25643 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-25643?
Check the references section above for vendor advisories and patch information. Affected products include: Seatd Project Seatd, versions >= 0.6.0 and < 0.6.4.