VulnerableCode Package Details - pkg:deb/debian/libcgroup@0.38-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/libcgroup@0.38-1

Essentials
History (3)

purl	pkg:deb/debian/libcgroup@0.38-1

Next non-vulnerable version	0.41-8.1
Latest non-vulnerable version	0.41-8.1
Risk	2.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-xt8j-1xp9-wycf Aliases: CVE-2018-14348		0.41-8.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-654c-883f-pbg8	Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.	CVE-2011-1006
VCID-adjd-c317-1uf6	The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.	CVE-2011-1022

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:36:25.816481+00:00	Debian Oval Importer	Fixing	VCID-654c-883f-pbg8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T06:05:03.521595+00:00	Debian Oval Importer	Fixing	VCID-adjd-c317-1uf6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T04:05:42.822557+00:00	Debian Oval Importer	Affected by	VCID-xt8j-1xp9-wycf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0