PT-2023-17049 · Sccache+2
Paolo Tranquilli +1 · Published 2023-05-30 · Updated 2025-10-15
CVE-2023-1521
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
sccache versions prior to 0.4.0
Description
The sccache client can execute arbitrary code with the privileges of a local sccache server by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root, which is the default when installing the snap package, this means a user running the sccache client can get root privileges.
Recommendations
Upgrade to version 0.4.0
As a temporary workaround, do not run the sccache server as root.
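A local triage check for the two conditions above, as an added example that is not part of the advisory: it reports whether the installed sccache predates 0.4.0 and whether a root-owned sccache process is running. The function names, the verdict strings, the sample process list and the assumption that the server appears in ps under the command name sccache are this example's own.

```shell
# Added example, not part of the advisory: local triage for CVE-2023-1521.
FIXED_VERSION="0.4.0"   # first fixed release, per the advisory

# version_lt A B: succeed when dotted version A (N.N.N) is older than B.
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# parse_version: pull N.N.N out of `sccache --version` output on stdin.
# Pre-release suffixes are dropped (simplification in this example).
parse_version() {
    sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# root_sccache_pids: read "PID USER COMM" lines on stdin and print the PIDs
# of processes named sccache (assumed server process name) owned by root.
root_sccache_pids() {
    awk '$2 == "root" && $3 == "sccache" { print $1 }'
}

# assess VERSION ROOT_PIDS: print one verdict word.
assess() {
    if [ -z "$1" ]; then
        echo "unknown-version"
    elif ! version_lt "$1" "$FIXED_VERSION"; then
        echo "not-affected"
    elif [ -n "$2" ]; then
        echo "affected-root-server"      # upgrade; stop running the server as root
    else
        echo "affected-unprivileged"     # upgrade
    fi
}

# Constructed sample of `ps -eo pid=,user=,comm=` output (not real data).
SAMPLE_PS='  812 root sccache
 4410 alice sccache
 4522 alice cargo'

if command -v sccache >/dev/null 2>&1; then
    ver=$(sccache --version | parse_version)
    pids=$(ps -eo pid=,user=,comm= | root_sccache_pids)
else
    ver="0.3.3"                          # constructed value for the demo run
    pids=$(printf '%s\n' "$SAMPLE_PS" | root_sccache_pids)
fi
echo "sccache ${ver:-?}: $(assess "$ver" "$pids")"
```

On a host without sccache installed, the script falls back to the constructed sample so the verdict logic can still be exercised.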
Exploit
Fix
Untrusted Search Path
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Suse
Sccache