VulnerableCode Package Details - pkg:deb/debian/firejail@0.9.64.4-2%2Bdeb11u1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-amhq-f69a-cqcp	Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.	CVE-2020-17368
VCID-d7wz-2aws-e7cw	Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.	CVE-2021-26910
VCID-frfr-nhbx-qubn	A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.	CVE-2022-31214
VCID-vr8g-6fet-q7ag	Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.	CVE-2020-17367

Vulnerability

Summary

Aliases

VCID-amhq-f69a-cqcp

Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.

CVE-2020-17368

VCID-d7wz-2aws-e7cw

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.

CVE-2021-26910

VCID-frfr-nhbx-qubn

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.

CVE-2022-31214

VCID-vr8g-6fet-q7ag

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.

CVE-2020-17367

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:57:43.796870+00:00	Debian Oval Importer	Fixing	VCID-vr8g-6fet-q7ag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:05:41.804612+00:00	Debian Oval Importer	Fixing	VCID-d7wz-2aws-e7cw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:50:36.307068+00:00	Debian Oval Importer	Fixing	VCID-frfr-nhbx-qubn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:31:59.033880+00:00	Debian Oval Importer	Fixing	VCID-amhq-f69a-cqcp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0