Homepage

benchexec@2.0 vulnerabilities

A Framework for Reliable Benchmarking and Resource Measurement.

  • latest version

    3.32

  • latest non vulnerable version

    3.32

  • first published

    10 years ago

  • latest version published

    5 days ago

  • licenses detected

  • View benchexec package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the benchexec package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Race Condition

    benchexec is a framework for reliable benchmarking and resource measurement.

    Affected versions of this package are vulnerable to Race Condition via the asynchronous StartTransientUnit method within cgroupsv2.py. An attacker could manipulate the timing of transient unit creation, leading to inaccurate benchmarking results or denial of service.

    Note:

    This is only exploitable if the attacker has precise control over systemd interactions.

    How to fix Race Condition?

    Upgrade benchexec to version 3.26 or higher.

    [,3.26)
    • H
    Insufficiently Protected Credentials

    benchexec is a framework for reliable benchmarking and resource measurement.

    Affected versions of this package are vulnerable to Insufficiently Protected Credentials via access to the kernel keyring of the user who launched the BenchExec process from inside a container (this is because, before Linux 5.2, keyrings were not namespace-aware).

    How to fix Insufficiently Protected Credentials?

    Upgrade benchexec to version 2.2 or higher.

    [,2.2)
    Go back to all versions of this package