CVE-2023-43783
HIGH
Cadence < 0.9.2 - Symlink Attack via Insecure Temporary File
Title source: llm
Description
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.
References (3)
Core References
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1213985
Exploit, Mailing List
http://www.openwall.com/lists/oss-security/2023/10/05/4
Scores
CVSS v3
7.5
EPSS
0.0061
EPSS Percentile
44.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-668
Status
published
Products (1)
falktx/cadence
< 0.9.2
Published
Sep 22, 2023
Tracked Since
Feb 18, 2026