| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.7 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in Canonical Apport up to 2.20.x. This impacts an unknown function. The manipulation results in race condition. This vulnerability is identified as CVE-2021-3899. There is not any exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Canonical Apport up to 2.20.x. It has been classified as critical. Affected is an unknown functionality. The manipulation with an unknown input leads to a race condition vulnerability. CWE is classifying the issue as CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
The weakness was released by Muqing Liu. The advisory is available at bugs.launchpad.net. This vulnerability is traded as CVE-2021-3899 since 10/23/2021. The exploitability is told to be easy. The technical details are unknown and an exploit is not available.
Upgrading to version 2.21.0 eliminates this vulnerability.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.9VulDB Meta Temp Score: 7.7
VulDB Base Score: 8.0
VulDB Temp Score: 7.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CNA Base Score: 7.8
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Race conditionCWE: CWE-362
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Apport 2.21.0
Timeline
10/23/2021 🔍06/03/2024 🔍
06/03/2024 🔍
08/27/2025 🔍
Sources
Advisory: bugs.launchpad.netResearcher: Muqing Liu
Status: Confirmed
CVE: CVE-2021-3899 (🔍)
GCVE (CVE): GCVE-0-2021-3899
GCVE (VulDB): GCVE-100-266946
Entry
Created: 06/03/2024 21:13Updated: 08/27/2025 00:42
Changes: 06/03/2024 21:13 (53), 06/04/2024 13:20 (1), 08/19/2024 18:36 (12), 08/27/2025 00:42 (9)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.