CVE-2022-48682

low-risk
Published 2024-04-26

In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.0/10 Medium
LOCAL / HIGH complexity

References (8)

https://bugzilla.suse.com/show_bug.cgi?id=1200381
https://github.com/adrianlopezroche/fdupes/blob/4b6bcde1b3eb1cebe87cd30814f7d6cf...
https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e003341...
https://github.com/adrianlopezroche/fdupes/compare/v2.1.2...v2.2.0
https://bugzilla.suse.com/show_bug.cgi?id=1200381
https://github.com/adrianlopezroche/fdupes/blob/4b6bcde1b3eb1cebe87cd30814f7d6cf...
https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e003341...
https://github.com/adrianlopezroche/fdupes/compare/v2.1.2...v2.2.0
21
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal