Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-30571HistoryMay 29, 2023 - 8:15 p.m.
CVE-2023-30571
2023-05-2920:15:00
Alpine Linux Development Team
security.alpinelinux.org
9
libarchive
umask race condition
world-writable
directories
unix
EPSS
0
Percentile
5.1%
Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.18-main | noarch | libarchive | = 3.6.2-r2 | UNKNOWN |
| Alpine | 3.17-main | noarch | libarchive | = 3.6.1-r2 | UNKNOWN |
| Alpine | 3.16-main | noarch | libarchive | = 3.6.1-r1 | UNKNOWN |
| Alpine | 3.15-main | noarch | libarchive | = 3.6.1-r1 | UNKNOWN |
Related
redos
redos
ROS-20230825-03
2023-08-25 00:00:00
veracode
veracode
File Permission Bypass
2023-06-13 16:22:05
prion
prion
Race condition
2023-05-29 20:15:00
osv
osv
CVE-2023-30571
2023-05-29 20:15:09
ubuntucve
ubuntucve
CVE-2023-30571
2023-05-29 00:00:00
cve
cve
CVE-2023-30571
2023-05-29 20:15:09
nvd
nvd
CVE-2023-30571
2023-05-29 20:15:09
f5
f5
K000140953: libarchive vulnerability CVE-2023-30571
2024-09-06 00:00:00
cvelist
cvelist
CVE-2023-30571
2023-05-29 00:00:00
debiancve
debiancve
CVE-2023-30571
2023-05-29 20:15:09
nessus
nessus
RHEL 9 : libarchive (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 6 : libarchive (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : libarchive (Unpatched Vulnerability)
2024-05-11 00:00:00
redhatcve
redhatcve
CVE-2023-30571
2023-05-30 04:40:05