In dbus-proxy/flatpak-proxy.c in Flatpak prior to 0.8.9, and 0.9.x and 0.10.x prior to 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flatpak flatpak |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux server aus 7.6 |
||
redhat enterprise linux server eus 7.5 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux workstation 7.0 |