{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-30571", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T14:28:51.957Z", "dateReserved": "2023-04-12T00:00:00", "datePublished": "2023-05-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-29T00:00:00"}, "descriptions": [{"lang": "en", "value": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://groups.google.com/g/libarchive-announce"}, {"url": "https://github.com/libarchive/libarchive/issues/1876"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:L/I:L/PR:L/S:C/UI:R", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:28:51.957Z"}, "title": "CVE Program Container", "references": [{"url": "https://groups.google.com/g/libarchive-announce", "tags": ["x_transferred"]}, {"url": "https://github.com/libarchive/libarchive/issues/1876", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B32A1BB-6BB8-4D7F-ADCA-62727C4BA74E", "versionEndIncluding": "3.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories."}, {"lang": "es", "value": "Libarchive hasta la versi\u00f3n 3.6.2 puede hacer que los directorios tengan permisos de escritura global. La llamada \"umask()\" dentro del archivo \"archive_write_disk_posix.c\" cambia la m\u00e1scara de usuario de todo el proceso durante un periodo de tiempo muy corto; una condici\u00f3n de carrera con otro hilo puede llevar a un ajuste permanente de la m\u00e1scara de usuario a 0. Tal condici\u00f3n de carrera podr\u00eda llevar a la creaci\u00f3n impl\u00edcita de directorios con permisos 0777, sin el bit adhesivo (\"sticky bit\"), lo que significa que cualquier usuario local con pocos privilegios puede borrar y renombrar archivos dentro de esos directorios. "}], "id": "CVE-2023-30571", "lastModified": "2024-11-21T08:00:26.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.7, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-29T20:15:09.513", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/libarchive/libarchive/issues/1876"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://groups.google.com/g/libarchive-announce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/libarchive/libarchive/issues/1876"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://groups.google.com/g/libarchive-announce"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libarchive: Race condition in multi-threaded use of archive_write_disk_header() on posix based systems", "id": "2210921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210921"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-362", "details": ["Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories."], "name": "CVE-2023-30571", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-05-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-30571\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30571\nhttps://access.redhat.com/solutions/7033331"], "threat_severity": "Moderate"}