{
  "version": "1",
  "package": [
    {
      "name": "libcap",
      "layer": "meta",
      "version": "2.69",
      "products": [
        {
          "product": "libcap",
          "cvesInRecord": "Yes"
        }
      ],
      "issue": [
        {
          "id": "CVE-2011-4099",
          "summary": "The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.",
          "scorev2": "4.6",
          "scorev3": "0.0",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2011-4099"
        },
        {
          "id": "CVE-2023-2602",
          "summary": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process memory.",
          "scorev2": "0.0",
          "scorev3": "3.3",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-2602"
        },
        {
          "id": "CVE-2023-2603",
          "summary": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.",
          "scorev2": "0.0",
          "scorev3": "7.8",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-2603"
        },
        {
          "id": "CVE-2025-1390",
          "summary": "The PAM module pam_cap.so of libcap supports configuration entries with group names starting with \u201c@\u201d; during actual parsing, however, configurations not starting with \u201c@\u201d are incorrectly recognized as group names. This may result in unintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.",
          "scorev2": "0.0",
          "scorev3": "6.1",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-1390"
        }
      ]
    }
  ]
}