CVE-2020-27348

snapcraft may build snaps with incorrect LD_LIBRARY_PATH

CVSS 6.8 MEDIUMEPSS 0.7%CWE-427

In short

Snapcraft incorrectly includes the current directory in LD_LIBRARY_PATH during snap building, allowing a malicious snap to execute code within another snap's context if both share access to the home directory or similar interfaces.

Technical detail

A path traversal vulnerability in snapcraft's build process results in LD_LIBRARY_PATH misconfiguration, enabling privilege escalation when two snaps with shared interface access (home, etc.) coexist on the same system. An attacker controlling one snap can inject malicious libraries that execute within another snap's runtime environment.

Summary generated and translated by AI from the official description.

In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Affected products

Canonical · snapcraft

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugs.launchpad.net/bugs/1901572 https://github.com/snapcore/snapcraft/pull/3345 https://usn.ubuntu.com/usn/usn-4661-1