{"id":"CVE-2017-5206","details":"Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.","modified":"2026-04-11T04:59:39.171987Z","published":"2017-03-23T16:59:00.417Z","related":["openSUSE-SU-2024:10759-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97120"},{"type":"ADVISORY","url":"https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51"},{"type":"ADVISORY","url":"https://firejail.wordpress.com/download-2/release-notes/"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/07/5"},{"type":"FIX","url":"https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e"},{"type":"FIX","url":"https://security.gentoo.org/glsa/201701-62"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/netblue30/firejail","events":[{"introduced":"0"},{"fixed":"e0422ca2be6482f375400562b68e9d72d739964b"},{"fixed":"6b8dba29d73257311564ee7f27b9b14758cc693e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.9.44.4"}]}}],"versions":["0.9.30","0.9.30-rc1","0.9.32","0.9.32-rc1","0.9.34","0.9.34-rc1","0.9.36","0.9.36-rc1","0.9.38","0.9.38-rc1","0.9.40","0.9.40-rc1","0.9.42","0.9.42-rc1","0.9.42-rc2","0.9.44","0.9.44-rc1","0.9.44.2","disable-globalcfg"],"database_specific":{"vanir_signatures":[{"id":"CVE-2017-5206-66366121","deprecated":false,"target":{"file":"src/firejail/main.c","function":"detect_allow_debuggers"},"signature_type":"Function","source":"https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e","signature_version":"v1","digest":{"function_hash":"65792200794165758615890651797367375440","length":325}},{"id":"CVE-2017-5206-6d0d65a2","deprecated":false,"target":{"file":"src/firejail/main.c"},"signature_type":"Line","source":"https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e","signature_version":"v1","digest":{"line_hashes":["54599638741106254987302327452253934160","33607893010149723093548560133734141643","240378706286755339177978268301134147669","338742974002775008775820326758804651198","48639820909732886781516077881910579693","38338447638600750539827456274630738234","151420242146240698399504753220659614634","190608544414440206834505349026983060588"],"threshold":0.9}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5206.json","vanir_signatures_modified":"2026-04-11T04:59:39Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}