Xypiieo

**Name of the Vulnerable Software and Affected Versions** Libarchive versions 3.6.2 and earlier **Description** The issue is caused by a race condition with the `umask()` call inside `archive write disk posix.c`, which can lead to a permanent umask 0 setting. This can result in implicit directory creation with permissions 0777, allowing any low-privileged local user to delete and rename files inside those directories. The `umask()` function changes the umask of the whole process for a short period, and a race condition with another thread can cause this setting to become permanent. **Recommendations** For Libarchive versions 3.6.2 and earlier, consider updating to a version later than 3.6.2 to resolve the issue. As a temporary workaround, consider restricting access to directories that may be affected by this issue to minimize the risk of exploitation. Additionally, be cautious when using the `archive write disk posix.c` component, as it may be vulnerable to this race condition.