
10 vulnerabilities found for needrestart by needrestart_project

CVE-2024-48992 (GCVE-0-2024-48992)

Vulnerability from nvd – Published: 2024-11-19 17:38 – Updated: 2025-11-03 22:22
Summary
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. RUBYLIB is Ruby's library search path (hence CWE-427): the interpreter is launched by needrestart's root-privileged interpreter scanner, so any library the attacker places on that path is loaded and executed as root. Upgrade to 3.8 or later; where that is not yet possible, the workaround below disables the interpreter scanners entirely.
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
Impacted products
Vendor Product Version
needrestart needrestart Affected: 0 , < 3.8 (semver)
Credits
Qualys Thomas Liske Mark Esler

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "needrestart",
            "vendor": "needrestart_project",
            "versions": [
              {
                "lessThan": "3.8",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:31:29.009180Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-427",
                "description": "CWE-427 Uncontrolled Search Path Element",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:32:49.865Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:13.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/19/1"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "needrestart",
          "platforms": [
            "Linux"
          ],
          "product": "needrestart",
          "repo": "https://github.com/liske/needrestart",
          "vendor": "needrestart",
          "versions": [
            {
              "lessThan": "3.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qualys"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Thomas Liske"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Mark Esler"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T17:38:22.267Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48992"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Edit /etc/needrestart/needrestart.conf so that the following line\nappears after \"# Disable interpreter scanners.\" and reboot:\n$nrconf{interpscan} = 0;"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-48992",
    "datePublished": "2024-11-19T17:38:22.267Z",
    "dateReserved": "2024-10-11T16:13:54.153Z",
    "dateUpdated": "2025-11-03T22:22:13.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48991 (GCVE-0-2024-48991)

Vulnerability from nvd – Published: 2024-11-19 17:38 – Updated: 2025-11-03 22:22
Summary
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition (CWE-362) and tricking needrestart into running their own, fake Python interpreter instead of the system's real Python interpreter. The initial security fix (commit 6ce6136) introduced a regression which was subsequently resolved (commit 42af5d3); packagers who backport fixes rather than upgrading to 3.8 should confirm that both commits are applied.
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
needrestart needrestart Affected: 0 , < 3.8 (semver)
Credits
Qualys Thomas Liske Mark Esler Salvatore Bonaccorso Ivan Kurnosov

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "needrestart",
            "vendor": "needrestart_project",
            "versions": [
              {
                "lessThan": "3.8",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:36:17.501931Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T15:42:57.043Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:10.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/30/4"
          },
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/19/1"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "needrestart",
          "platforms": [
            "Linux"
          ],
          "product": "needrestart",
          "repo": "https://github.com/liske/needrestart",
          "vendor": "needrestart",
          "versions": [
            {
              "lessThan": "3.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qualys"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Thomas Liske"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Mark Esler"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Salvatore Bonaccorso"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Ivan Kurnosov"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system\u0027s real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-26T20:18:39.638Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48991"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/42af5d328901287a4f79d1f5861ac827a53fd56d"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Edit /etc/needrestart/needrestart.conf so that the following line\nappears after \"# Disable interpreter scanners.\" and reboot:\n$nrconf{interpscan} = 0;"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-48991",
    "datePublished": "2024-11-19T17:38:15.691Z",
    "dateReserved": "2024-10-11T16:13:54.153Z",
    "dateUpdated": "2025-11-03T22:22:10.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48990 (GCVE-0-2024-48990)

Vulnerability from nvd – Published: 2024-11-19 17:38 – Updated: 2025-11-03 22:22
Summary
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. PYTHONPATH is Python's module search path (hence CWE-427): the interpreter is launched by needrestart's root-privileged interpreter scanner, so a module the attacker places on that path is imported and executed as root. This is the Python counterpart of CVE-2024-48992 (RUBYLIB); the fix in 3.8 and the workaround below apply to both.
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
Impacted products
Vendor Product Version
needrestart needrestart Affected: 0 , < 3.8 (semver)
Credits
Qualys Thomas Liske Mark Esler

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "needrestart",
            "vendor": "needrestart_project",
            "versions": [
              {
                "lessThan": "3.8",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:47:39.271392Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-427",
                "description": "CWE-427 Uncontrolled Search Path Element",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:49:07.357Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:08.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/19/1"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "needrestart",
          "platforms": [
            "Linux"
          ],
          "product": "needrestart",
          "repo": "https://github.com/liske/needrestart",
          "vendor": "needrestart",
          "versions": [
            {
              "lessThan": "3.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qualys"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Thomas Liske"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Mark Esler"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T17:38:07.238Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48990"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/fcc9a4401392231bef4ef5ed026a0d7a275149ab"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Edit /etc/needrestart/needrestart.conf so that the following line\nappears after \"# Disable interpreter scanners.\" and reboot:\n$nrconf{interpscan} = 0;"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-48990",
    "datePublished": "2024-11-19T17:38:07.238Z",
    "dateReserved": "2024-10-11T16:13:54.153Z",
    "dateUpdated": "2025-11-03T22:22:08.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11003 (GCVE-0-2024-11003)

Vulnerability from nvd – Published: 2024-11-19 17:36 – Updated: 2025-11-03 21:51
Summary
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (the Perl module Module::ScanDeps, spelled "Modules::ScanDeps" in the CVE record) which expects safe input. This could allow a local attacker to execute arbitrary shell commands (CWE-78). The library-side weakness is tracked separately as CVE-2024-10224; upgrading needrestart to 3.8 closes this entry point, but the Perl module should be updated as well so that other callers are not exposed.
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
Impacted products
Vendor Product Version
needrestart needrestart Affected: 0 , < 3.8 (semver)
Credits
Qualys Thomas Liske Mark Esler

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "needrestart",
            "vendor": "needrestart_project",
            "versions": [
              {
                "lessThan": "3.8",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:51:54.832013Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:52:56.040Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:51:44.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/19/1"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "needrestart",
          "platforms": [
            "Linux"
          ],
          "product": "needrestart",
          "repo": "https://github.com/liske/needrestart",
          "vendor": "needrestart",
          "versions": [
            {
              "lessThan": "3.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qualys"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Thomas Liske"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Mark Esler"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T17:36:36.682Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11003"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/0f80a348883f72279a859ee655f58da34babefb0"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10224"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Edit /etc/needrestart/needrestart.conf so that the following line\nappears after \"# Disable interpreter scanners.\" and reboot:\n$nrconf{interpscan} = 0;"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-11003",
    "datePublished": "2024-11-19T17:36:36.682Z",
    "dateReserved": "2024-11-07T21:16:46.553Z",
    "dateUpdated": "2025-11-03T21:51:44.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-30688 (GCVE-0-2022-30688)

Vulnerability from nvd – Published: 2022-05-17 18:58 – Updated: 2025-11-03 21:46
Summary
needrestart 0.8 through 3.5 (all releases before 3.6) is prone to local privilege escalation. The regular expressions used to detect the Perl, Python, and Ruby interpreters are not anchored, so a local user can run a process whose interpreter path merely contains a matching substring and have needrestart execute it with root privileges when it tries to detect whether interpreters are using old source files. Fixed in 3.6.
Severity ?
No CVSS data available in this record. The description itself states a local privilege escalation to root, so the missing score should not be read as low severity.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:46:15.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/liske/needrestart/releases/tag/v3.6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-security-announce/2022/msg00105.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/05/17/9"
          },
          {
            "name": "[oss-security] 20220517 CVE-2022-30688: needrestart 0.8+ local privilege escalation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/05/17/9"
          },
          {
            "name": "DSA-5137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5137"
          },
          {
            "name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3013-1] needrestart security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-18T02:06:12.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/liske/needrestart/releases/tag/v3.6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.debian.org/debian-security-announce/2022/msg00105.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/05/17/9"
        },
        {
          "name": "[oss-security] 20220517 CVE-2022-30688: needrestart 0.8+ local privilege escalation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/05/17/9"
        },
        {
          "name": "DSA-5137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5137"
        },
        {
          "name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3013-1] needrestart security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-30688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/liske/needrestart/releases/tag/v3.6",
              "refsource": "MISC",
              "url": "https://github.com/liske/needrestart/releases/tag/v3.6"
            },
            {
              "name": "https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30",
              "refsource": "MISC",
              "url": "https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30"
            },
            {
              "name": "https://lists.debian.org/debian-security-announce/2022/msg00105.html",
              "refsource": "MISC",
              "url": "https://lists.debian.org/debian-security-announce/2022/msg00105.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2022/05/17/9",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2022/05/17/9"
            },
            {
              "name": "[oss-security] 20220517 CVE-2022-30688: needrestart 0.8+ local privilege escalation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/05/17/9"
            },
            {
              "name": "DSA-5137",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5137"
            },
            {
              "name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3013-1] needrestart security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-30688",
    "datePublished": "2022-05-17T18:58:09.000Z",
    "dateReserved": "2022-05-13T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:46:15.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48992 (GCVE-0-2024-48992)

Vulnerability from cvelistv5 – Published: 2024-11-19 17:38 – Updated: 2025-11-03 22:22
Summary
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
Impacted products
Vendor Product Version
needrestart needrestart Affected: 0 , < 3.8 (semver)
Credits
Qualys Thomas Liske Mark Esler

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "needrestart",
            "vendor": "needrestart_project",
            "versions": [
              {
                "lessThan": "3.8",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:31:29.009180Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-427",
                "description": "CWE-427 Uncontrolled Search Path Element",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:32:49.865Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:13.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/19/1"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "needrestart",
          "platforms": [
            "Linux"
          ],
          "product": "needrestart",
          "repo": "https://github.com/liske/needrestart",
          "vendor": "needrestart",
          "versions": [
            {
              "lessThan": "3.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qualys"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Thomas Liske"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Mark Esler"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T17:38:22.267Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48992"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Edit /etc/needrestart/needrestart.conf so that the following line\nappears after \"# Disable interpreter scanners.\" and reboot:\n$nrconf{interpscan} = 0;"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-48992",
    "datePublished": "2024-11-19T17:38:22.267Z",
    "dateReserved": "2024-10-11T16:13:54.153Z",
    "dateUpdated": "2025-11-03T22:22:13.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48991 (GCVE-0-2024-48991)

Vulnerability from cvelistv5 – Published: 2024-11-19 17:38 – Updated: 2025-11-03 22:22
Summary
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). Note for patching: the initial security fix (commit 6ce6136) introduced a regression that was subsequently resolved (commit 42af5d3); a backported fix should carry both commits, not only the first.
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
needrestart needrestart Affected: 0 , < 3.8 (semver)
Credits
Qualys Thomas Liske Mark Esler Salvatore Bonaccorso Ivan Kurnosov

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "needrestart",
            "vendor": "needrestart_project",
            "versions": [
              {
                "lessThan": "3.8",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:36:17.501931Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T15:42:57.043Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:10.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/30/4"
          },
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/19/1"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "needrestart",
          "platforms": [
            "Linux"
          ],
          "product": "needrestart",
          "repo": "https://github.com/liske/needrestart",
          "vendor": "needrestart",
          "versions": [
            {
              "lessThan": "3.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qualys"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Thomas Liske"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Mark Esler"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Salvatore Bonaccorso"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Ivan Kurnosov"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system\u0027s real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-26T20:18:39.638Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48991"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/42af5d328901287a4f79d1f5861ac827a53fd56d"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Edit /etc/needrestart/needrestart.conf so that the following line\nappears after \"# Disable interpreter scanners.\" and reboot:\n$nrconf{interpscan} = 0;"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-48991",
    "datePublished": "2024-11-19T17:38:15.691Z",
    "dateReserved": "2024-10-11T16:13:54.153Z",
    "dateUpdated": "2025-11-03T22:22:10.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48990 (GCVE-0-2024-48990)

Vulnerability from cvelistv5 – Published: 2024-11-19 17:38 – Updated: 2025-11-03 22:22
Summary
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
Impacted products
Vendor Product Version
needrestart needrestart Affected: 0 , < 3.8 (semver)
Credits
Qualys Thomas Liske Mark Esler

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "needrestart",
            "vendor": "needrestart_project",
            "versions": [
              {
                "lessThan": "3.8",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:47:39.271392Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-427",
                "description": "CWE-427 Uncontrolled Search Path Element",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:49:07.357Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:08.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/19/1"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "needrestart",
          "platforms": [
            "Linux"
          ],
          "product": "needrestart",
          "repo": "https://github.com/liske/needrestart",
          "vendor": "needrestart",
          "versions": [
            {
              "lessThan": "3.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qualys"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Thomas Liske"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Mark Esler"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T17:38:07.238Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48990"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/fcc9a4401392231bef4ef5ed026a0d7a275149ab"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Edit /etc/needrestart/needrestart.conf so that the following line\nappears after \"# Disable interpreter scanners.\" and reboot:\n$nrconf{interpscan} = 0;"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-48990",
    "datePublished": "2024-11-19T17:38:07.238Z",
    "dateReserved": "2024-10-11T16:13:54.153Z",
    "dateUpdated": "2025-11-03T22:22:08.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11003 (GCVE-0-2024-11003)

Vulnerability from cvelistv5 – Published: 2024-11-19 17:36 – Updated: 2025-11-03 21:51
Summary
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. See also the related CVE-2024-10224, which is assigned to Modules::ScanDeps itself and is tracked separately; updating needrestart addresses only the caller side of the issue.
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
Impacted products
Vendor Product Version
needrestart needrestart Affected: 0 , < 3.8 (semver)
Credits
Qualys Thomas Liske Mark Esler

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "needrestart",
            "vendor": "needrestart_project",
            "versions": [
              {
                "lessThan": "3.8",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:51:54.832013Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:52:56.040Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:51:44.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/19/1"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "needrestart",
          "platforms": [
            "Linux"
          ],
          "product": "needrestart",
          "repo": "https://github.com/liske/needrestart",
          "vendor": "needrestart",
          "versions": [
            {
              "lessThan": "3.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qualys"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Thomas Liske"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Mark Esler"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T17:36:36.682Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11003"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/liske/needrestart/commit/0f80a348883f72279a859ee655f58da34babefb0"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10224"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Edit /etc/needrestart/needrestart.conf so that the following line\nappears after \"# Disable interpreter scanners.\" and reboot:\n$nrconf{interpscan} = 0;"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-11003",
    "datePublished": "2024-11-19T17:36:36.682Z",
    "dateReserved": "2024-11-07T21:16:46.553Z",
    "dateUpdated": "2025-11-03T21:51:44.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-30688 (GCVE-0-2022-30688)

Vulnerability from cvelistv5 – Published: 2022-05-17 18:58 – Updated: 2025-11-03 21:46
Summary
needrestart versions 0.8 through 3.5 (all releases before 3.6) are prone to local privilege escalation. The regexes used to detect the Perl, Python, and Ruby interpreters are not anchored, so a local user can influence which binary needrestart treats as an interpreter when it checks whether running interpreters are using old source files, and escalate privileges through that check.
Severity: no CVSS score is recorded for this CVE (the MITRE CNA record carries no metrics; treat it as a local root privilege escalation, consistent with the later needrestart CVEs).
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:46:15.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/liske/needrestart/releases/tag/v3.6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-security-announce/2022/msg00105.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/05/17/9"
          },
          {
            "name": "[oss-security] 20220517 CVE-2022-30688: needrestart 0.8+ local privilege escalation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/05/17/9"
          },
          {
            "name": "DSA-5137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5137"
          },
          {
            "name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3013-1] needrestart security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/17"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Nov/15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-18T02:06:12.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/liske/needrestart/releases/tag/v3.6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.debian.org/debian-security-announce/2022/msg00105.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/05/17/9"
        },
        {
          "name": "[oss-security] 20220517 CVE-2022-30688: needrestart 0.8+ local privilege escalation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/05/17/9"
        },
        {
          "name": "DSA-5137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5137"
        },
        {
          "name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3013-1] needrestart security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-30688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/liske/needrestart/releases/tag/v3.6",
              "refsource": "MISC",
              "url": "https://github.com/liske/needrestart/releases/tag/v3.6"
            },
            {
              "name": "https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30",
              "refsource": "MISC",
              "url": "https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30"
            },
            {
              "name": "https://lists.debian.org/debian-security-announce/2022/msg00105.html",
              "refsource": "MISC",
              "url": "https://lists.debian.org/debian-security-announce/2022/msg00105.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2022/05/17/9",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2022/05/17/9"
            },
            {
              "name": "[oss-security] 20220517 CVE-2022-30688: needrestart 0.8+ local privilege escalation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/05/17/9"
            },
            {
              "name": "DSA-5137",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5137"
            },
            {
              "name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3013-1] needrestart security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-30688",
    "datePublished": "2022-05-17T18:58:09.000Z",
    "dateReserved": "2022-05-13T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:46:15.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}