CVE-2017-6512 — Race Condition in Perl

CWE-362 — Race Condition CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition10 documents7 sources

Severity

5.9MEDIUMNVD

OSV7.5

EPSS

0.9%

top 24.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl Canonical Ubuntu Linux +1 more

Timeline

PublishedJun 1

Latest updateMay 13

Description

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/perl< perl 5.24.1-3 (bookworm)

▶Debianperl/perl< 5.24.1-3+3

▶Ubuntuperl/perl< 5.18.2-2ubuntu1.4+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10

🔴Vulnerability Details

GHSA

GHSA-wf3v-xjg6-86hx: Race condition in the rmtree and remove_tree functions in the File-Path module before 2↗2022-05-13

▶

OSV

perl vulnerabilities↗2018-04-16

▶

OSV

CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2↗2017-06-01

▶

📋Vendor Advisories

Ubuntu

Perl vulnerabilities↗2018-04-17

▶

Ubuntu

Perl vulnerabilities↗2018-04-16

▶

Red Hat

perl-File-Path: rmtree/remove_tree race condition↗2017-05-02

▶

Debian

CVE-2017-6512: perl - Race condition in the rmtree and remove_tree functions in the File-Path module b...↗2017

▶

💬Community

Bugzilla

CVE-2017-6512 perl-File-Path: rmtree/remove_tree race condition↗2017-06-01

▶

Bugzilla

CVE-2017-6512 perl-File-Path: rmtree/remove_tree race condition [fedora-all]↗2017-06-01

▶