Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-9810

Опубликовано: 01 сент. 2025
Источник: redhat
CVSS3: 6.8

Описание

TOCTOU  in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.

A time-of-check to time-of-use (TOCTOU) race condition exists in linenoise's linenoiseHistorySave() function, where the history file is first opened with fopen("w") and subsequently modified with chmod(). This vulnerability allows a local attacker to manipulate a symbolic link between these two operations: first, pointing the symlink to a sensitive file at the time of opening, and then switching it to another file before the permission change. This flaw allows arbitrary file overwrite or unintended permission modifications.

Отчет

This vulnerability allows a local, unauthenticated attacker to race linenoiseHistorySave() and overwrite arbitrary files with the calling process’s privileges or change permissions on unrelated files, potentially disrupting system integrity and availability. While the confidentiality impact is none, the integrity impact is high and the availability impact is low, yielding a Moderate severity of CVSS 6.8. Downstream tools that embed linenoise, such as redis-cli, are affected when writing history to attacker-controllable locations.

Меры по смягчению последствий

No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10valkeyFix deferred
Red Hat Enterprise Linux 8redis:6/redisOut of support scope
Red Hat Enterprise Linux 9redisFix deferred
Red Hat Enterprise Linux 9redis:7/redisFix deferred
Red Hat Enterprise Linux 9valkeyFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-367
https://bugzilla.redhat.com/show_bug.cgi?id=2392437linenoise: TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes

6.8 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-9810

CVSS3: 6.8
nvd
16 дней назад

TOCTOU  in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.

debian логотип

CVE-2025-9810

CVSS3: 6.8
debian
16 дней назад

TOCTOU in linenoiseHistorySavein linenoiseallows local attackers to ov ...

6.8 Medium

CVSS3