Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
libgio 权限许可和访问控制问题漏洞
Vulnerability Description
spice是一个企业虚拟化桌面版所使用的自适应远程呈现开源协议。该产品主要用于将用户与其虚拟桌面进行连接,能够提供与物理桌面完全相同的最终用户体验。libgio是GLib 虚拟文件系统 API。 libgio 存在权限许可和访问控制问题漏洞。本地攻击者可利用该漏洞通过DBUS_SYSTEM_BUS_ADDRESS环境变量获取特权并执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A