CVE-2024-29864

9.8 CRITICAL

📋 TL;DR

CVE-2024-29864 is a command injection vulnerability in Distrobox that allows attackers to execute arbitrary code by injecting malicious commands into exported executables. This affects all users running Distrobox versions before 1.7.0.1. The vulnerability stems from improper input sanitization when handling exported executable files.

💻 Affected Systems

Products:
  • Distrobox
Versions: All versions before 1.7.0.1
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default installations where exported executables feature is used.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root privileges, allowing attackers to install malware, exfiltrate data, or pivot to other systems.

🟠 Likely Case

Local privilege escalation leading to container escape and host system compromise, potentially affecting all containers managed by Distrobox.

🟢 If Mitigated

Limited impact to isolated containers with proper security boundaries and minimal privileges.

🌐 Internet-Facing: LOW (Distrobox is typically used locally, not exposed to internet)
🏢 Internal Only: HIGH (Attackers with local access can exploit this for privilege escalation)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. Proof of concept available in GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.0.1

Vendor Advisory: https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944

Restart Required: No

Instructions:

1. Update Distrobox using your package manager or from source.
2. For package managers: 'sudo apt update && sudo apt upgrade distrobox' (adjust for your distro).
3. For source: 'git clone https://github.com/89luca89/distrobox && cd distrobox && sudo make install'.

🔧 Temporary Workarounds

Disable exported executables (Linux)

Temporarily disable the exported executables feature that contains the vulnerability:

export DISTROBOX_DISABLE_EXPORT=1

Remove vulnerable executables (Linux)

Remove any exported executables created by Distrobox:

rm -f ~/.local/bin/distrobox-*
rm -f /usr/local/bin/distrobox-*

🧯 If You Can't Patch

  • Implement strict access controls to limit who can run Distrobox commands
  • Use container isolation with minimal privileges and read-only filesystems where possible

🔍 How to Verify

Check if Vulnerable:

Check the Distrobox version: 'distrobox --version'. If the version is below 1.7.0.1, you are vulnerable.

Check Version:

distrobox --version

Verify Fix Applied:

After updating, verify that the version is 1.7.0.1 or higher: 'distrobox --version'

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns from Distrobox processes
  • Suspicious shell commands in container logs

Network Indicators:

  • Unexpected outbound connections from containers
  • Unusual process spawning patterns

SIEM Query:

process.name:distrobox AND (process.cmdline:*;* OR process.cmdline:*&* OR process.cmdline:*|*)
