CVE-2017-14180

Name: CVE-2017-14180
Creator: NVD / NIST
Published: 2018-02-02T14:29:00.467+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.41%

Last modified Jun 17, 2026

CVE-2017-14180 is a vulnerability of currently unknown severity. Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.

Metrics

EPSS Probability

0.41%

33.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Apport Project	Apport	>= 2.13, <= 2.20.7
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	17.04
Canonical	Ubuntu Linux	17.10
Canonical	Ubuntu Linux	18.04

References

https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171Issue Tracking, Third Party Advisory
https://launchpad.net/bugs/1726372Issue Tracking, Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180Third Party Advisory
https://usn.ubuntu.com/usn/usn-3480-1Third Party Advisory
http://seclists.org/fulldisclosure/2025/Jun/9
https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171Issue Tracking, Third Party Advisory
https://launchpad.net/bugs/1726372Issue Tracking, Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180Third Party Advisory
https://usn.ubuntu.com/usn/usn-3480-1Third Party Advisory

Timeline

Published: Feb 2, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-14180?

How severe is CVE-2017-14180?

Severity scoring for CVE-2017-14180 is pending analysis. The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2017-14180?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-14180?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST