Home > Vulnerability Database > CVE-2023-2976

Mend.io Vulnerability Database

CVE-2023-2976

Good to know:

Date: June 14, 2023

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

Language: Java

Severity Score

7.1

Related Resources (6)

Url: https://github.com/google/guava/issues/2575

Url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2976

Url: https://access.redhat.com/security/cve/CVE-2023-2976

Url: https://security.netapp.com/advisory/ntap-20230818-0008/

Url: https://www.mend.io/vulnerability-database/CVE-2023-2976

Severity Score

7.1

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Top Fix

Upgrade Version

Upgrade to version com.google.guava:guava:32.0.1-android,32.0.1-jre

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-2976

Good to know:

Date: June 14, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?