
CVE-2023-30571

Published: 5/29/2023
Last updated: 1/14/2025
Reserved: 4/12/2023

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca)
Requested by: n/a

Metrics

Version: 3.1
Score: 3.9
Severity: Low
Vector String: CVSS:3.1/AC:H/AV:L/A:N/C:L/I:L/PR:L/S:C/UI:R

Opam packages affected (1)

conf-cpio

Products affected (1)

Product: n/a
Vendor: n/a
Version: version 1803 (Core Installation)

References (4)