{"id":"CVE-2022-37706","details":"enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system() library function mishandles pathnames that begin with a /dev/.. substring.","modified":"2026-04-16T00:01:19.996665786Z","published":"2022-12-25T19:15:10.440Z","related":["openSUSE-SU-2022:10153-1","openSUSE-SU-2024:12365-1"],"references":[{"type":"FIX","url":"https://git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef123e4abaf63a1f5064"},{"type":"FIX","url":"https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141"},{"type":"EVIDENCE","url":"https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37706.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.25.4"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}