Back to search
CVE-2022-1348
Published: May 25, 2022
Modified: Jun 9, 2025
PUBLISHED
Description
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
| Vendor | Product | Versions |
|---|---|---|
n/a | logrotate | affected logrotate versions before 3.20.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-1348
x_refsource_MISC
[oss-security] 20220525 Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file
mailing-list
x_refsource_MLIST
[oss-security] 20220525 Re: Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file
mailing-list
x_refsource_MLIST
[oss-security] 20220525 Re: Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file
mailing-list
x_refsource_MLIST
FEDORA-2022-87c0f05204
vendor-advisory
x_refsource_FEDORA
FEDORA-2022-ff0188b37c
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now