VYPR
High severityNVD Advisory· Published Nov 26, 2024· Updated Nov 26, 2024

Local Privilege Escalation in sccache

CVE-2023-1521

Description

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD.

If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sccachecrates.io
< 0.4.00.4.0

Affected products

12

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.