Vulnerability in Canonical Snapd

CVE-2024-29069

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file…

EPSS: 0.000 (11.0th percentile)

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-29069?
CVE-2024-29069 is a medium-severity vulnerability in Canonical Snapd, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 4.8/10. Published 2024-07-25.
How severe is CVE-2024-29069?
Medium severity. The CVSS v3 base score is 4.8 out of 10.