CVE-2024-48992

Published: Nov 19, 2024Modified: Nov 3, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: security@ubuntu.com (Secondary)

Description

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.

Affected (1)

Products: Needrestart Project: Needrestart

Needrestart Project

1 product

Needrestart

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Needrestart Project Needrestart	Before 3.8

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (6)

https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f

Source: security@ubuntu.com

Patch

https://www.cve.org/CVERecord?id=CVE-2024-48992

Source: security@ubuntu.com

VDB Entry

https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

Source: security@ubuntu.com

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Nov/17

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.openwall.com/lists/oss-security/2024/11/19/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

Timeline

No history available yet.