benchexec@3.6 vulnerabilities

A Framework for Reliable Benchmarking and Resource Measurement.

  • latest version

    3.27

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    1 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the benchexec package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Race Condition

    benchexec is a framework for reliable benchmarking and resource measurement.

    Affected versions of this package are vulnerable to Race Condition via the asynchronous StartTransientUnit method within cgroupsv2.py. An attacker could manipulate the timing of transient unit creation, leading to inaccurate benchmarking results or denial of service.

    Note:

    This is only exploitable if the attacker has precise control over systemd interactions.

    How to fix Race Condition?

    Upgrade benchexec to version 3.26 or higher.

    [,3.26)