CVE-2017-18018

ADVISORY - nist

Summary

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

EPSS Score⁠: 0.00057 (0.180)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-362⁠

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADVISORY - redhat

CWE-362⁠

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.