In snapd versions prior to 2.62, snapd failed to properly check the file
type when extracting a snap. The snap format is a squashfs file-system
image and so can contain files that are non-regular files (such as pipes 
or sockets etc). Various file entries within the snap squashfs image
(such as icons etc) are directly read by snapd when it is extracted. An 
attacker who could convince a user to install a malicious snap which
contained non-regular files at these paths could then cause snapd to block
indefinitely trying to read from such files and cause a denial of service.
                
            Metrics
Affected Vendors & Products
References
        History
                    Mon, 26 Aug 2024 17:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Canonical Canonical snapd | |
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:* | |
| Vendors & Products | Canonical Canonical snapd | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: canonical
Published: 2024-07-25T19:28:05.480Z
Updated: 2024-08-02T01:03:51.709Z
Reserved: 2024-03-14T23:09:12.771Z
Link: CVE-2024-29068
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-07-25T20:21:40.488Z
 NVD
                        NVD
                    Status : Modified
Published: 2024-07-25T20:15:04.280
Modified: 2024-11-21T09:07:29.217
Link: CVE-2024-29068
 Redhat
                        Redhat
                    No data.