Fluid Attacks Database

Description

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.16	python3	=3.1.3-r0 \|\| =3.10.0-r0 \|\| =3.10.0-r1 \|\| =3.10.1-r0 \|\| =3.10.10-r0 \|\| =3.10.11-r0 \|\| =3.10.12-r0 \|\| =3.10.13-r0 \|\| =3.10.2-r0 \|\| =3.10.2-r1 \|\| =3.10.3-r0 \|\| =3.10.3-r1 \|\| =3.10.4-r0 \|\| =3.10.5-r0 \|\| =3.10.8-r0 \|\| =3.10.9-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| =3.8.5-r0 \|\| =3.8.5-r1 \|\| =3.8.5-r2 \|\| =3.8.6-r0 \|\| =3.8.7-r0 \|\| =3.8.7-r1 \|\| =3.8.7-r2 \|\| =3.8.7-r3 \|\| =3.8.8-r0 \|\| =3.9.1-r0 \|\| =3.9.2-r0 \|\| =3.9.4-r0 \|\| =3.9.5-r0 \|\| =3.9.5-r1 \|\| =3.9.6-r0 \|\| =3.9.6-r1 \|\| =3.9.6-r2 \|\| =3.9.7-r2 \|\| =3.9.7-r3 \|\| =3.9.7-r4 \|\| >=0 <3.10.14-r0	3.10.14-r0
alpine v3.17	python3	=3.1.3-r0 \|\| =3.10.0-r0 \|\| =3.10.0-r1 \|\| =3.10.1-r0 \|\| =3.10.10-r0 \|\| =3.10.11-r0 \|\| =3.10.12-r0 \|\| =3.10.13-r0 \|\| =3.10.2-r0 \|\| =3.10.2-r1 \|\| =3.10.3-r0 \|\| =3.10.3-r1 \|\| =3.10.4-r0 \|\| =3.10.5-r0 \|\| =3.10.5-r1 \|\| =3.10.5-r2 \|\| =3.10.6-r0 \|\| =3.10.6-r1 \|\| =3.10.7-r0 \|\| =3.10.8-r0 \|\| =3.10.8-r1 \|\| =3.10.8-r2 \|\| =3.10.8-r3 \|\| =3.10.9-r0 \|\| =3.10.9-r1 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| =3.8.5-r0 \|\| =3.8.5-r1 \|\| =3.8.5-r2 \|\| =3.8.6-r0 \|\| =3.8.7-r0 \|\| =3.8.7-r1 \|\| =3.8.7-r2 \|\| =3.8.7-r3 \|\| =3.8.8-r0 \|\| =3.9.1-r0 \|\| =3.9.2-r0 \|\| =3.9.4-r0 \|\| =3.9.5-r0 \|\| =3.9.5-r1 \|\| =3.9.6-r0 \|\| =3.9.6-r1 \|\| =3.9.6-r2 \|\| =3.9.7-r2 \|\| =3.9.7-r3 \|\| =3.9.7-r4 \|\| >=0 <3.10.14-r0	3.10.14-r0
debian 11	pypy3	=7.3.5+dfsg-2 \|\| =7.3.5+dfsg-2+deb11u1 \|\| =7.3.5+dfsg-2+deb11u2 \|\| >=0 <7.3.5+dfsg-2+deb11u3	7.3.5+dfsg-2+deb11u3
debian 12	pypy3	=7.3.11+dfsg-2 \|\| =7.3.11+dfsg-2+deb12u1 \|\| >=0 <7.3.11+dfsg-2+deb12u2	7.3.11+dfsg-2+deb12u2
debian 13	pypy3	>=0 <7.3.13+dfsg-1	7.3.13+dfsg-1
debian 14	pypy3	>=0 <7.3.13+dfsg-1	7.3.13+dfsg-1
debian 12	python3.11	=3.11.2-6 \|\| =3.11.2-6+deb12u1 \|\| >=0 <3.11.2-6+deb12u2	3.11.2-6+deb12u2
debian 11	python3.9	=3.9.2-1 \|\| =3.9.2-1+deb11u1 \|\| >=0 <3.9.2-1+deb11u2	3.9.2-1+deb11u2
rpm rhel8.8	python3.11	<0:3.11.2-2.el8_8.3	0:3.11.2-2.el8_8.3
rpm rhel8	python3	<0:3.6.8-62.el8_10	0:3.6.8-62.el8_10

1-10 of 18

Aliases

1. CVE-2023-65972. NVD-2023-65973. OSV-ALPINE-2023-65974. OSV-2023-65975. OSV-DEBIAN-2023-65976. SECURITY-CVE-2023-65977. SECURITY-TRACKER-CVE-2023-6597

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.