CPython up to 3.12.2 tempfile.TemporaryDirectory symlink

Summaryinfo

A vulnerability labeled as critical has been found in CPython up to 3.8.18/3.9.18/3.10.13/3.11.8/3.12.2. The impacted element is the function tempfile.TemporaryDirectory. Such manipulation leads to symlink. This vulnerability is referenced as CVE-2023-6597. The attack can only be performed from a local environment. No exploit is available. A patch should be applied to remediate this issue.

Detailsinfo

A vulnerability, which was classified as critical, has been found in CPython up to 3.8.18/3.9.18/3.10.13/3.11.8/3.12.2. Affected by this issue is the function tempfile.TemporaryDirectory. The manipulation with an unknown input leads to a symlink vulnerability. Using CWE to declare the problem leads to CWE-61. The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. Impacted is confidentiality, integrity, and availability. CVE summarizes:

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

The advisory is available at github.com. This vulnerability is handled as CVE-2023-6597 since 12/07/2023. The exploitation is known to be difficult. Local access is required to approach this attack. Technical details are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 210518 (Debian dla-3948 : pypy3 - security update), which helps to determine the existence of the flaw in a target environment.

Applying the patch 02a9259c717738dfe6b463c44d7e17f2b6d2cb3a is able to eliminate this problem. The bugfix is ready for download at github.com.

The vulnerability is also documented in the vulnerability database at Tenable (210518). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Programming Language Software

Name

• CPython

Version

• 3.8.0
• 3.8.1
• 3.8.2
• 3.8.3
• 3.8.4
• 3.8.5
• 3.8.6
• 3.8.7
• 3.8.8
• 3.8.9
• 3.8.10
• 3.8.11
• 3.8.12
• 3.8.13
• 3.8.14
• 3.8.15
• 3.8.16
• 3.8.17
• 3.8.18
• 3.9.0
• 3.9.1
• 3.9.2
• 3.9.3
• 3.9.4
• 3.9.5
• 3.9.6
• 3.9.7
• 3.9.8
• 3.9.9
• 3.9.10
• 3.9.11
• 3.9.12
• 3.9.13
• 3.9.14
• 3.9.15
• 3.9.16
• 3.9.17
• 3.9.18
• 3.10.0
• 3.10.1
• 3.10.2
• 3.10.3
• 3.10.4
• 3.10.5
• 3.10.6
• 3.10.7
• 3.10.8
• 3.10.9
• 3.10.10
• 3.10.11
• 3.10.12
• 3.10.13
• 3.11.0
• 3.11.1
• 3.11.2
• 3.11.3
• 3.11.4
• 3.11.5
• 3.11.6
• 3.11.7
• 3.11.8
• 3.12.0
• 3.12.1
• 3.12.2

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion