CVE-2023-43783

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 22, 2023

Updated: Oct 26, 2023

CWE ID 668

Summary

CVE-2023-43783: A vulnerability has been identified in Cadence versions up to 0.9.2, released before August 21, 2023. The issue involves an insecure use of the /tmp/cadence-wineasio.reg file. An adversary can exploit this by creating or overwriting files through a symlink attack, even if they have already existed before Cadence started. This vulnerability carries the risk of code injection into the Wine registry in certain kernel configurations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sweegm
https://www.cve.org/CVERecord?id=CVE-2023-43783
https://nvd.nist.gov/vuln/detail/CVE-2023-43783

Back to Vulnerability Database

CVE-2023-43783

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations