CVE-2022-48682

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48682
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48682.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48682
Downstream
Published
2024-04-26T01:15:45.900Z
Modified
2025-11-14T14:01:13.575497Z
Severity
  • 6.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.

References

Affected packages

Git / github.com/adrianlopezroche/fdupes

Affected ranges

Type
GIT
Repo
https://github.com/adrianlopezroche/fdupes
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
85680897148f1ac33b55418e00334116e419717f

Affected versions

2.*

2.0.0

fdupes-1.*

fdupes-1.51

v1.*

v1.6.0
v1.6.1

v2.*

v2.1.0
v2.1.1
v2.1.2

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2022-48682-2f1fc75f",
        "source": "https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f",
        "digest": {
            "function_hash": "66276946782525564029140925893441321465",
            "length": 5282.0
        },
        "target": {
            "function": "cmd_prune",
            "file": "ncurses-commands.c"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2022-48682-42cf3ea0",
        "source": "https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f",
        "digest": {
            "function_hash": "224242669906188153200358086264972516622",
            "length": 4422.0
        },
        "target": {
            "function": "deletefiles",
            "file": "fdupes.c"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2022-48682-45d1c6e4",
        "source": "https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f",
        "digest": {
            "function_hash": "308663317291523444026824449103295097469",
            "length": 1043.0
        },
        "target": {
            "function": "deletesuccessor",
            "file": "fdupes.c"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2022-48682-75e896bb",
        "source": "https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "102641205799498772276600074855688541984",
                "90947951897868475452183664347317279750",
                "334981488534288977686142798811761333772",
                "204624448611375161679097207217305807675",
                "227447906578544348519702727425546505901",
                "49731766784731268679960792809274111505",
                "339533184634874401177575895261790910136",
                "312049910976944980126576440562020496775",
                "304275455123742997765078335101087082353",
                "43020324438680105252492209929253910882",
                "154011433445975109000256779768042723432",
                "203768198098143836887002558995273876223",
                "255991903964766518764748724185356792614",
                "79138999965185925434739504169753713968",
                "40754268126333612616955574979195471977",
                "147624034166454125905253863743799109990",
                "306995194011958577276372871014149114027",
                "26548170991197767346213250748868491873",
                "184197921650202388387058502742816638538",
                "187145685497699966671497052819114763410",
                "146912569401061407613215758177088392048",
                "161257066424180180629491969922685491917",
                "41167885610609198797678860116931993750",
                "57349548749380299797077031811751809211",
                "18873153226771957552210788014868070588",
                "218695183080525927570559377509529784286",
                "35482068748854672253854083445858455947",
                "1732455452832996703376264384484875157",
                "274313341876792471884249072911546065595",
                "135217239460320241236892973305139777987"
            ]
        },
        "target": {
            "file": "fdupes.c"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2022-48682-bdf84106",
        "source": "https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "24333797728721812759133033265292985965",
                "4527324001640231821383424516448846947",
                "38346030278067061488283460847522132783",
                "240211517015967107927441733828595862668",
                "297378339918488984895528920564193335986",
                "284245066272566315308398882125461722314",
                "151129935251978217411362146613149985370",
                "185695637264260839867167412201561241459"
            ]
        },
        "target": {
            "file": "ncurses-commands.c"
        },
        "deprecated": false
    }
]