CVE-2023-30571 — Race Condition in Libarchive

CWE-362 — Race Condition6 documents6 sources

Severity

5.3MEDIUMNVD

CNA3.9

EPSS

0.0%

top 97.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libarchive Debian Libarchive

Timeline

PublishedMay 29

Description

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 1.0 | Impact: 4.2

Affected Packages2 packages

▶NVDlibarchive/libarchive3.6.2

▶debiandebian/libarchive

🔴Vulnerability Details

OSV

CVE-2023-30571: Libarchive through 3↗2023-05-29

▶

CVEList

CVE-2023-30571: Libarchive through 3↗2023-05-29

▶

GHSA

GHSA-cw7x-3mv7-w6xm: Libarchive through 3↗2023-05-29

▶

📋Vendor Advisories

Red Hat

libarchive: Race condition in multi-threaded use of archive_write_disk_header() on posix based systems↗2023-05-29

▶

Debian

CVE-2023-30571: libarchive - Libarchive through 3.6.2 can cause directories to have world-writable permission...↗2023

▶