Description
Cadence through 0.9.2 2023-08-21 uses an Insecure
/tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it
has been created by a local adversary before Cadence started. The
adversary can then delete the file, disrupting Cadence. (CVE-2023-43782)
Cadence through 0.9.2 2023-08-21 uses an Insecure
/tmp/cadence-wineasio.reg Temporary File. The filename is used even if
it has been created by a local adversary before Cadence started. The
adversary can leverage this to create or overwrite files via a symlink
attack. In some kernel configurations, code injection into the Wine
registry is possible. (CVE-2023-43783)