CVE-2016-8605

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-8605
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8605.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-8605
Related
Published
2017-01-12T22:59:00Z
Modified
2024-08-01T08:30:38.831302Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

References

Affected packages

Alpine:v3.4 / guile

Package

Name
guile
Purl
pkg:apk/alpine/guile?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.11-r3

Affected versions

1.*

1.8.7-r0
1.8.7-r1
1.8.7-r2
1.8.7-r3
1.8.7-r4
1.8.8-r0
1.8.8-r1
1.8.8-r2

2.*

2.0.11-r0
2.0.11-r1
2.0.11-r2