CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
EPSS
Percentile
5.1%
A vulnerability in the Libarchive library is related to the umask() call inside archive_write_disk_posix.c, which
changes the umask of the entire process for a very short period of time, this results in a permanent setting of
umask 0, which will cause the hidden creation of a directory with permissions 0777 (no fixed bit).
Exploitation of the vulnerability could allow an attacker to delete and rename files within these
directories.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | libarchive | < 3.6.2-1 | UNKNOWN |