INFSA-2024:6837: pcp security update
Information about definition
Identificator: INFSA-2024:6837
Type: security
Release date: 2025-07-15 21:31:16 UTC
Information about package
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.
Vulnerabilities description
- CVE-2024-45769
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
- CVE-2024-45770
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-45769
|
no information | 5.5 | no information |
|
NIST — CVE-2024-45770
|
no information | 4.4 | no information |
Updated packages