CVE-2022-48682

medium

Description

In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.

References

https://github.com/adrianlopezroche/fdupes/compare/v2.1.2...v2.2.0

https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f

https://github.com/adrianlopezroche/fdupes/blob/4b6bcde1b3eb1cebe87cd30814f7d6cf4ee46e95/fdupes.c

https://bugzilla.suse.com/show_bug.cgi?id=1200381

Details

Source: Mitre, NVD

Published: 2024-04-26

Updated: 2024-10-27

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:L/AC:H/Au:S/C:N/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00015