CVE Vulnerabilities

CVE-2015-7810

Time-of-check Time-of-use (TOCTOU) Race Condition

Published: Nov 22, 2019 | Modified: Nov 21, 2024
CVSS 3.x
4.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
3.3 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:P
RedHat/V2
1.9 MODERATE
AV:L/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
LOW

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

Weakness

The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.

Affected Software

Name Vendor Start Version End Version
Libbluray Videolan * 0.8.0 (excluding)
Libbluray Ubuntu artful *
Libbluray Ubuntu esm-infra-legacy/trusty *
Libbluray Ubuntu precise *
Libbluray Ubuntu trusty *
Libbluray Ubuntu trusty/esm *
Libbluray Ubuntu upstream *
Libbluray Ubuntu vivid *
Libbluray Ubuntu wily *
Libbluray Ubuntu yakkety *
Libbluray Ubuntu zesty *

Potential Mitigations

References