CVE-2022-30688 — HIGH (7.8)

Q: How severe is CVE-2022-30688?

CVE-2022-30688 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-30688?

Check the references section above for vendor advisories and patch information. Affected products include: Needrestart Project Needrestart, Debian Debian Linux.

Vulnerability Description

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Needrestart Project	Needrestart	>= 0.8, < 3.6
Debian	Debian Linux	9.0

References

http://www.openwall.com/lists/oss-security/2022/05/17/9Mailing ListThird Party Advisory
https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dPatchThird Party Advisory
https://github.com/liske/needrestart/releases/tag/v3.6Release NotesThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00024.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-security-announce/2022/msg00105.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2022/dsa-5137Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/05/17/9Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2024/Nov/15
http://seclists.org/fulldisclosure/2024/Nov/17
http://www.openwall.com/lists/oss-security/2022/05/17/9Mailing ListThird Party Advisory
https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dPatchThird Party Advisory
https://github.com/liske/needrestart/releases/tag/v3.6Release NotesThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00024.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-security-announce/2022/msg00105.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2022/dsa-5137Third Party Advisory

FAQ

What is CVE-2022-30688?

CVE-2022-30688 is a vulnerability with a CVSS score of 7.8 (HIGH). needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges ...

How severe is CVE-2022-30688?

CVE-2022-30688 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30688?

Check the references section above for vendor advisories and patch information. Affected products include: Needrestart Project Needrestart, Debian Debian Linux.