{"id":"CVE-2021-3747","details":"The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.","modified":"2026-07-09T05:44:41.073320Z","published":"2021-10-01T03:15:07.103Z","references":[{"type":"FIX","url":"https://github.com/canonical/multipass/issues/2261"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/canonical/multipass","events":[{"introduced":"845ea4a19d2af5a771ba5c0595a639c9542457bf"},{"fixed":"62fdeed7c43881e918c23a7bd6697d9ac0bbbf05"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:canonical:multipass:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.7.0"},{"fixed":"1.7.2"}]}}],"versions":["v1.7.0","v1.7.0-rc","v1.7.0-dev"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3747.json","vanir_signatures_modified":"2026-07-09T05:44:41Z","vanir_signatures":[{"source":"https://github.com/canonical/multipass/commit/62fdeed7c43881e918c23a7bd6697d9ac0bbbf05","target":{"file":"tests/qemu/test_firewall_config.cpp","function":"TEST_P"},"deprecated":false,"digest":{"function_hash":"221385391357558214171847670751139407669","length":907},"id":"CVE-2021-3747-0e89296e","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2021-3747-2eb58727","signature_type":"Line","signature_version":"v1","source":"https://github.com/canonical/multipass/commit/62fdeed7c43881e918c23a7bd6697d9ac0bbbf05","target":{"file":"src/platform/backends/qemu/qemu_virtual_machine_factory.cpp"},"deprecated":false,"digest":{"line_hashes":["1156312822725554047486865283847179807","295015701856279291895872938631507996514","84442062713196817251208600082906318014","136788489984620666304556977547013161297","80352587573703883777729816712025750160","40419594462747446692394058785791285846","109390479523163517101400837172580964201","120146685173391980702191687233957171393","139887541561727517490757857192835219599","156619848289861300905612801528624576051","37921849765658875087887631339655175691","237581179834343841653890764594707462406","189627718513056316666048344188444204523","152586861361056185179062376673279905840","258136367259652164887409708376848387831","265265988958400244449203386182596560228","269901953462289698198229032205524272346","42865017556104077976491064245181515949"],"threshold":0.9}},{"target":{"file":"tests/qemu/test_firewall_config.cpp"},"deprecated":false,"digest":{"line_hashes":["204541634206061268552179084650389823758","253541881093404884962366989369475219074","235234904378933758637886048539298788841","147681289007201202133362627693140225642","35125193792071004391670864666648955096","247758950700377972300419504460296800306","128772540066930238251350995672460057539","280358166839332966333356005995158974865","129787080926124686564422787745790672128","77158683522881110246726360300290549649","312091121291548131442692421451988687050","268686711564094984672447160691057490033","263439887502735598670700595259683565902"],"threshold":0.9},"id":"CVE-2021-3747-59e0fdfa","signature_type":"Line","signature_version":"v1","source":"https://github.com/canonical/multipass/commit/62fdeed7c43881e918c23a7bd6697d9ac0bbbf05"},{"target":{"file":"src/platform/backends/qemu/firewall_config.cpp","function":"detect_firewall"},"deprecated":false,"digest":{"function_hash":"94788585588101303837646141981302130030","length":378},"id":"CVE-2021-3747-8132b68e","signature_type":"Function","signature_version":"v1","source":"https://github.com/canonical/multipass/commit/62fdeed7c43881e918c23a7bd6697d9ac0bbbf05"},{"digest":{"function_hash":"87179561869193151943529470010965952490","length":903},"id":"CVE-2021-3747-8f965a8e","signature_type":"Function","signature_version":"v1","source":"https://github.com/canonical/multipass/commit/62fdeed7c43881e918c23a7bd6697d9ac0bbbf05","target":{"file":"src/platform/backends/qemu/qemu_virtual_machine_factory.cpp","function":"create_virtual_switch"},"deprecated":false},{"digest":{"line_hashes":["272544762481209318447890050290781453607","184121152531987706955774597872894326832","66709489802354153096962479817378122502","198447063755056824564672129177779481246"],"threshold":0.9},"id":"CVE-2021-3747-92675a45","signature_type":"Line","signature_version":"v1","source":"https://github.com/canonical/multipass/commit/62fdeed7c43881e918c23a7bd6697d9ac0bbbf05","target":{"file":"src/platform/backends/qemu/firewall_config.cpp"},"deprecated":false},{"id":"CVE-2021-3747-94dddbbf","signature_type":"Function","signature_version":"v1","source":"https://github.com/canonical/multipass/commit/62fdeed7c43881e918c23a7bd6697d9ac0bbbf05","target":{"file":"src/platform/backends/qemu/qemu_virtual_machine_factory.cpp","function":"delete_virtual_switch"},"deprecated":false,"digest":{"length":331,"function_hash":"315448651978758496632530381635201853042"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}