{"id":"CVE-2019-12589","details":"In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.","modified":"2026-04-16T00:00:04.328878541Z","published":"2019-06-03T03:29:00.320Z","related":["openSUSE-SU-2024:10759-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDY7B73YDRBURA25APSHD5PFEO4TNSFW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGVULJ6IKVDO6UAVIQRHQVSKOUD6QDWM/"},{"type":"ADVISORY","url":"https://github.com/netblue30/firejail/releases/tag/0.9.60"},{"type":"FIX","url":"https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134"},{"type":"FIX","url":"https://github.com/netblue30/firejail/issues/2718"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/netblue30/firejail","events":[{"introduced":"0"},{"fixed":"a28018056f261144a93536a7cb4d0330415d0bd3"},{"fixed":"eecf35c2f8249489a1d3e512bb07f0d427183134"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:firejail_project:firejail:*:*:*:*:-:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"0.9.60"}]}}],"versions":["0.9.30","0.9.30-rc1","0.9.32","0.9.32-rc1","0.9.34","0.9.34-rc1","0.9.36","0.9.36-rc1","0.9.38","0.9.38-rc1","0.9.40","0.9.40-rc1","0.9.42","0.9.42-rc1","0.9.42-rc2","0.9.44","0.9.44-rc1","0.9.46-rc1","0.9.48","0.9.50-rc1","0.9.52","0.9.54","0.9.54-rc1","0.9.54-rc2","0.9.56","0.9.56-rc1","0.9.58","0.9.58-rc1","0.9.58.2","0.9.60-rc1","disable-globalcfg"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134","target":{"file":"src/firejail/sandbox.c"},"signature_type":"Line","id":"CVE-2019-12589-3d6ae38b","deprecated":false,"digest":{"line_hashes":["67384363026242426742986726082890850129","19415567598975183596019452508667436159","130148424615959383458986732663975396341","202027948952345477571722551091106582240","87974669774181718622592430863085918492","321523673279560823851681095757410004807","187280022735004742100647671735448622911","8069271742313920031112158992276591838","19214700526563294267781882646734131594"],"threshold":0.9}},{"digest":{"length":905,"function_hash":"185338667876474185884415895026310874088"},"source":"https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134","target":{"function":"fslib_copy_libs","file":"src/firejail/fs_lib.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2019-12589-82644d56"},{"digest":{"length":11535,"function_hash":"39175738399954804034304960284434844156"},"source":"https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134","target":{"function":"sandbox","file":"src/firejail/sandbox.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2019-12589-8874a029"},{"id":"CVE-2019-12589-bf447656","source":"https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134","target":{"file":"src/firejail/preproc.c"},"digest":{"line_hashes":["181295529527059301025130108654719039424","281713290536667111186861140124111849145","319265215379820672325204568265724420722","198553540468420987981228145493173222261"],"threshold":0.9},"signature_version":"v1","deprecated":false,"signature_type":"Line"},{"signature_type":"Function","source":"https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134","target":{"function":"preproc_mount_mnt_dir","file":"src/firejail/preproc.c"},"id":"CVE-2019-12589-dc6895da","digest":{"length":1252,"function_hash":"160347950863082451403219399017254734719"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","source":"https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134","target":{"file":"src/firejail/fs_lib.c"},"id":"CVE-2019-12589-f04da084","digest":{"line_hashes":["241379729169780835141105620300136314318","140670022831521536393275712435736562455","165790761023700795151404812636586624985","89242058394535355447115621840568165073"],"threshold":0.9},"deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12589.json","vanir_signatures_modified":"2026-04-11T21:44:35Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}