Recent CVEs
CVE-2022-28658
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
CVE-2022-28657
Apport does not disable python crash handler before entering chroot
CVE-2022-28656
is_closing_session() allows users to consume RAM in the Apport process
CVE-2022-28655
is_closing_session() allows users to create arbitrary tcp dbus connections
CVE-2022-28654
is_closing_session() allows users to fill up apport.log
CVE-2022-28652
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
CVE-2022-1242
Apport can be tricked into connecting to arbitrary sockets as the root user
CVE-2021-3899
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
CVE-2023-1326
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.