CVE Record: CVE-2023-2976

Required CVE Record Information

Description

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
5.5	MEDIUM	3.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Product Status

Learn more

Versions 1 Total

Default Status: unaffected

affected

References 3 Total

Updated: 2024-08-02

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

https://github.com/google/guava/issues/2575
external site
x_transferred
https://security.netapp.com/advisory/ntap-20230818-0008/
external site
x_transferred
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Google LLC

Description

CVSS 1 Total

Product Status

References 3 Total

CVE Program

References 3 Total