VulnerableCode Package Details - pkg:deb/debian/bubblewrap@0.11.0-2?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4rhf-2r64-93fg	When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.	CVE-2017-5226
VCID-dnct-hqvm-4yhe	Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.	CVE-2016-8659
VCID-qesp-mexv-ekdq	Bubblewrap misuses temporary directories allowing local code execution.	CVE-2019-12439
VCID-vtup-4qk6-guf4	bubblewrap: privilege escalation in some kernel configurations	CVE-2020-5291

Vulnerability

Summary

Aliases

VCID-4rhf-2r64-93fg

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

CVE-2017-5226

VCID-dnct-hqvm-4yhe

Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.

CVE-2016-8659

VCID-qesp-mexv-ekdq

Bubblewrap misuses temporary directories allowing local code execution.

CVE-2019-12439

VCID-vtup-4qk6-guf4

bubblewrap: privilege escalation in some kernel configurations

CVE-2020-5291

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:23:16.412265+00:00	Debian Importer	Fixing	VCID-vtup-4qk6-guf4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:42:01.488230+00:00	Debian Importer	Fixing	VCID-4rhf-2r64-93fg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:47:27.688969+00:00	Debian Importer	Fixing	VCID-qesp-mexv-ekdq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:42:26.103547+00:00	Debian Importer	Fixing	VCID-dnct-hqvm-4yhe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:13:56.302584+00:00	Debian Importer	Fixing	VCID-vtup-4qk6-guf4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:16.971577+00:00	Debian Importer	Fixing	VCID-4rhf-2r64-93fg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:32:24.217377+00:00	Debian Importer	Fixing	VCID-qesp-mexv-ekdq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:27:18.298769+00:00	Debian Importer	Fixing	VCID-dnct-hqvm-4yhe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:18:17.359893+00:00	Debian Importer	Fixing	VCID-vtup-4qk6-guf4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:08.056538+00:00	Debian Importer	Fixing	VCID-4rhf-2r64-93fg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:56.253136+00:00	Debian Importer	Fixing	VCID-qesp-mexv-ekdq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:38.595410+00:00	Debian Importer	Fixing	VCID-dnct-hqvm-4yhe	https://security-tracker.debian.org/tracker/data/json	38.1.0