CVE-2023-0778
Published 2023-03-27
Medium, 6.8 (CVSS 3.1)
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libpod | < libpod 4.3.1+ds1-7 (bookworm) | libpod 4.3.1+ds1-7 (bookworm) |
| github.com | containers_podman_v4 | >= 0 < 4.4.2 | 4.4.2 |
| libpod_project | libpod | >= 0 < 4.3.1+ds1-7 | 4.3.1+ds1-7 |
| msrc | cbl2_cri-o_1.22.3-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cri-o_1.22.3-14_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd · v3.1 · 6.8 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
osv · 6.8 MEDIUM
OSV
Time-of-check time-of-use race condition in github.com/containers/podman/v4
osv·2023-04-03
CVE-2023-0778 Time-of-check time-of-use race condition in github.com/containers/podman/v4
A Time-of-check Time-of-use (TOCTOU) flaw appears in this version of podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
GHSA
Podman Time-of-check Time-of-use (TOCTOU) Race Condition
ghsa·2023-03-27
CVE-2023-0778 [MEDIUM] CWE-367 Podman Time-of-check Time-of-use (TOCTOU) Race Condition
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
OSV
CVE-2023-0778: A Time-of-check Time-of-use (TOCTOU) flaw was found in podman
osv·2023-03-27·CVSS 6.8
CVE-2023-0778 [MEDIUM] CVE-2023-0778: A Time-of-check Time-of-use (TOCTOU) flaw was found in podman
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
OSV
Podman Time-of-check Time-of-use (TOCTOU) Race Condition
osv·2023-03-27
CVE-2023-0778 [MEDIUM] Podman Time-of-check Time-of-use (TOCTOU) Race Condition
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Microsoft
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access
vendor_msrc·2023-03-14·CVSS 6.8
CVE-2023-0778 [MEDIUM] CWE-367 A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additiona
Red Hat
podman: symlink exchange attack in podman export volume
vendor_redhat·2023-02-15·CVSS 6.8
CVE-2023-0778 [MEDIUM] CWE-367 podman: symlink exchange attack in podman export volume
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Package: podman (Red Hat Enterprise Linux 7) - Out of support scope
Package: container-tools:3.0/podman (Red Hat Enterprise Linux 8) - Not affected
Package: podman (Red Hat Enterprise Linux 9) - Affected
Package: podman (Red Hat OpenShift Container
Debian
CVE-2023-0778: libpod - A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may al...
vendor_debian·2023·CVSS 6.8
CVE-2023-0778 [MEDIUM] CVE-2023-0778: libpod - A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may al...
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Scope: local
bookworm: resolved (fixed in 4.3.1+ds1-7)
bullseye: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.