CVE-2023-1521

HIGH

sccache < 0.4.0 - LD_PRELOAD Local Privilege Escalation

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-1521. PoCs published by rubbxalc.

AI-analyzed exploit summary This PoC demonstrates a local privilege escalation (LPE) via LD_PRELOAD hijacking, exploiting CVE-2023-1521. The malicious shared library (libpoc.so) creates a file in /tmp as a proof of arbitrary code execution during program initialization.

Description

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.

Exploits (1)

nomisec WORKING POC
by rubbxalc · poc
https://github.com/rubbxalc/CVE-2023-1521

This PoC demonstrates a local privilege escalation (LPE) via LD_PRELOAD hijacking, exploiting CVE-2023-1521. The malicious shared library (libpoc.so) creates a file in /tmp as a proof of arbitrary code execution during program initialization.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: sccache (versions affected by CVE-2023-1521)
No auth needed
Prerequisites: Local access to the target system · Ability to set LD_PRELOAD environment variable · sccache installed and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory vendor-advisory
https://github.com/advisories/GHSA-x7fr-pg8f-93f5

Scores

CVSS v3 7.8
EPSS 0.0032
EPSS Percentile 55.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-426
Status published
Products (2)
crates.io/sccache 0 - 0.4.0crates.io
mozilla/sccache < 0.4.0
Published Nov 26, 2024
Tracked Since Feb 18, 2026