CVE-2022-48682: TOCTOU Cached Path Deletion
greprules fetch cve-2022-48682-toctou-cached-path-deletion --engine opengrep
Description
Deleting a file using a cached path from a structure (e.g., struct dirent `d_name`) without validating its metadata immediately prior can lead to Time-of-Check to Time-of-Use (TOCTOU) race conditions. An attacker could swap the path with a symlink targeting arbitrary files before the deletion occurs (CVE-2022-48682). Verify the file matches cached properties
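An added example (not part of the rule or of any affected project's code) of the check the description calls for: re-validate the entry against the device and inode cached at scan time, relative to an open directory descriptor, immediately before deleting it. The function names, the temporary directory and the entry names `a` and `b` are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Delete `name` inside the already-open directory `dirfd` only if it is still
 * the regular file whose device/inode were recorded at scan time.
 * Returns 0 on success, -1 (errno set) on mismatch or error. */
int unlink_if_unchanged(int dirfd, const char *name, dev_t dev, ino_t ino)
{
    struct stat st;
    /* AT_SYMLINK_NOFOLLOW: inspect the entry itself, never a link target. */
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || st.st_dev != dev || st.st_ino != ino) {
        errno = ESTALE;            /* entry was replaced since it was cached */
        return -1;
    }
    /* Resolved against dirfd, so a swapped parent path cannot redirect it. */
    return unlinkat(dirfd, name, 0);
}

/* Constructed scenario: cache two files' identities, replace entry "a" with a
 * symlink, then attempt both deletions. Returns 1 if the swapped entry was
 * refused and the unchanged one was deleted. */
int demo_swap_is_refused(void)
{
    char tmpl[] = "/tmp/toctou-demo-XXXXXX";
    struct stat a, b;
    if (!mkdtemp(tmpl)) return 0;
    int dfd = open(tmpl, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) return 0;
    close(openat(dfd, "a", O_CREAT | O_WRONLY, 0600));
    close(openat(dfd, "b", O_CREAT | O_WRONLY, 0600));
    if (fstatat(dfd, "a", &a, AT_SYMLINK_NOFOLLOW) ||   /* scan-time metadata */
        fstatat(dfd, "b", &b, AT_SYMLINK_NOFOLLOW)) return 0;
    unlinkat(dfd, "a", 0);                /* simulated swap of entry "a" ... */
    symlinkat("b", dfd, "a");             /* ... for a symlink */
    int refused = unlink_if_unchanged(dfd, "a", a.st_dev, a.st_ino) == -1;
    int deleted = unlink_if_unchanged(dfd, "b", b.st_dev, b.st_ino) == 0;
    unlinkat(dfd, "a", 0);                /* cleanup of the demo directory */
    close(dfd);
    rmdir(tmpl);
    return refused && deleted;
}
```

A short window still exists between `fstatat()` and `unlinkat()`, but because both are resolved against the same directory descriptor, replacing a parent directory in the path no longer redirects the deletion.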