CVE-2023-43783

Name of the Vulnerable Software and Affected Versions Cadence versions through 0.9.2 2023-08-21

Description The issue arises from Cadence using an insecure temporary file /tmp/cadence-wineasio.reg. If a local adversary creates this file before Cadence starts, Cadence will use it, allowing the adversary to create or overwrite files via a symlink attack. In certain kernel configurations, this can also lead to code injection into the Wine registry.

Recommendations For versions through 0.9.2 2023-08-21, as a temporary workaround, consider restricting access to the /tmp/cadence-wineasio.reg file to minimize the risk of exploitation. Avoid using the filename if it has been created by an external entity before Cadence started. At the moment, there is no information about a newer version that contains a fix for this vulnerability.