This page lists publicly disclosed CVE vulnerabilities affecting canonical apport (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-5467 | It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups. | [email protected] | 1.9 | 0.01% | 2025-12-10 | 2025-12-17 |
| CVE-2025-5054 | Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport | [email protected] | 4.7 | 0.01% | 2025-05-30 | 2025-11-03 |
| CVE-2020-11936 | gdbus setgid privilege escalation | [email protected] | 3.1 | 0.16% | 2025-01-31 | 2025-08-26 |
| CVE-2022-28653 | Users can consume unlimited disk space in /var/crash | [email protected] | 7.5 | 0.19% | 2025-01-31 | 2025-08-26 |
| CVE-2022-1242 | Apport can be tricked into connecting to arbitrary sockets as the root user | [email protected] | 7.8 | 0.05% | 2024-06-03 | 2025-08-22 |
| CVE-2021-3899 | There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. | [email protected] | 7.8 | 2.25% | 2024-06-03 | 2025-08-26 |
| CVE-2023-1326 | A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. | [email protected] | 7.7 | 5.05% | 2023-04-13 | 2024-11-21 |
| CVE-2021-3710 | An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; | [email protected] | 6.5 | 0.05% | 2021-10-01 | 2024-11-21 |
| CVE-2021-3709 | Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; | [email protected] | 6.5 | 0.06% | 2021-10-01 | 2024-11-21 |
| CVE-2021-32557 | It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | [email protected] | 5.2 | 0.06% | 2021-06-12 | 2024-11-21 |
| CVE-2021-32556 | It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | [email protected] | 3.8 | 0.13% | 2021-06-12 | 2024-11-21 |
| CVE-2021-25684 | It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. | [email protected] | 8.8 | 0.04% | 2021-06-11 | 2025-11-03 |
| CVE-2021-25683 | It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | [email protected] | 8.8 | 0.05% | 2021-06-11 | 2024-11-21 |
| CVE-2021-25682 | It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. | [email protected] | 8.8 | 0.06% | 2021-06-11 | 2024-11-21 |
| CVE-2020-15702 | TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. | [email protected] | 7.0 | 0.04% | 2020-08-06 | 2025-11-03 |
| CVE-2020-15701 | An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6. | [email protected] | 5.5 | 0.12% | 2020-08-06 | 2024-11-21 |
| CVE-2015-1341 | Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. | [email protected] | 7.4 | 0.14% | 2019-04-22 | 2024-11-21 |