Vulnerability CVE-2022-48682
Published: 2024-04-26

Description:
In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.

 References:
https://github.com/adrianlopezroche/fdupes/blob/4b6bcde1b3eb1cebe87cd30814f7d6cf4ee46e95/fdupes.c
https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f
https://bugzilla.suse.com/show_bug.cgi?id=1200381
https://github.com/adrianlopezroche/fdupes/compare/v2.1.2...v2.2.0
Copyright 2024, cxsecurity.com

 

Back to Top