Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43794
HistoryOct 12, 2023 - 1:19 p.m.

Race Condition

2023-10-1213:19:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
libpmix.so
race condition
remote attacker
file ownership

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.1%

libpmix.so is vulnerable to Race Conditions. A remote attacker is able to obtain ownership of arbitrary files due to a race conditions when executing the library with a UID of 0.

References

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.1%