Все бюллетени/sisyphus/ALT-PU-2024-18233-1
ALT-PU-2024-18233-1

Обновление пакета keepassxc в ветке sisyphus

Версия2.7.8-alt1
Задание#347752
Опубликовано2024-05-09
Макс. серьёзностьMEDIUM
Серьёзность:

Закрытые проблемы (2)

CVE-2024-33900
MEDIUM6.5

KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

Опубликовано: 2024-05-20Изменено: 2025-06-13
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Ссылки
CVE-2024-33901
MEDIUM6.5

Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

Опубликовано: 2024-05-20Изменено: 2025-06-13
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Ссылки