Description
In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.
References (4)
Core 4
Core References
Various Sources
https://github.com/adrianlopezroche/fdupes/blob/4b6bcde1b3eb1cebe87cd30814f7d6cf4ee46e95/fdupes.c
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1200381
Scores
CVSS v3
6.0
EPSS
0.0019
EPSS Percentile
9.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-367
Status
published
Published
Apr 26, 2024
Tracked Since
Feb 18, 2026