CVE-2023-2976

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-2976
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2976.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2976
Aliases
Related
Published
2023-06-14T18:15:09Z
Modified
2024-10-22T05:29:00.637094Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

References

Affected packages

Debian:11 / guava-libraries

Package

Name
guava-libraries
Purl
pkg:deb/debian/guava-libraries?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

29.*

29.0-6

31.*

31.1-1

32.*

32.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / guava-libraries

Package

Name
guava-libraries
Purl
pkg:deb/debian/guava-libraries?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

31.*

31.1-1

32.*

32.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / guava-libraries

Package

Name
guava-libraries
Purl
pkg:deb/debian/guava-libraries?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
32.0.1-1

Affected versions

31.*

31.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/google/guava

Affected ranges

Type
GIT
Repo
https://github.com/google/guava
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed