CVE-2023-43782

Name of the Vulnerable Software and Affected Versions Cadence versions through 0.9.2

Description The issue arises from Cadence using an insecure temporary file, /tmp/.cadence-aloop-daemon.x, which can be created by a local adversary before Cadence starts. If the adversary creates this file and then deletes it, Cadence can be disrupted.

Recommendations For versions through 0.9.2, as a temporary workaround, consider restricting access to the /tmp/.cadence-aloop-daemon.x file to prevent local adversaries from deleting it and disrupting Cadence. At the moment, there is no information about a newer version that contains a fix for this vulnerability.