Moderate severityNVD Advisory· Published Jun 14, 2023· Updated Feb 25, 2026
Use of temporary directory for file creation in `FileBackedOutputStream` in Guava
CVE-2023-2976
Description
Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.google.guava:guavaMaven | >= 1.0, < 32.0.0-android | 32.0.0-android |
Affected products
157- osv-coords156 versionspkg:apk/chainguard/cassandra-4.0pkg:apk/chainguard/cassandra-4.0-compatpkg:apk/chainguard/cassandra-4.1pkg:apk/chainguard/cassandra-4.1-compatpkg:apk/chainguard/cassandra-4.1-iamguarded-compatpkg:apk/chainguard/cassandra-fips-4.0pkg:apk/chainguard/cassandra-fips-4.0-compatpkg:apk/chainguard/cassandra-fips-4.1pkg:apk/chainguard/cassandra-fips-4.1-compatpkg:apk/chainguard/cassandra-reaperpkg:apk/chainguard/cassandra-reaper-jre-bcfipspkg:apk/chainguard/celeborn-0.5pkg:apk/chainguard/celeborn-0.6pkg:apk/chainguard/debezium-connector-spanner-3.0pkg:apk/chainguard/druidpkg:apk/chainguard/druid-compatpkg:apk/chainguard/elasticsearch-7pkg:apk/chainguard/elasticsearch-7.17pkg:apk/chainguard/elasticsearch-7.17-iamguardedpkg:apk/chainguard/elasticsearch-7-bitnamipkg:apk/chainguard/elasticsearch-7-iamguardedpkg:apk/chainguard/gradle-8pkg:apk/chainguard/grpc-java-fips-1.56.0pkg:apk/chainguard/grpc-java-fips-1.56.0-m2pkg:apk/chainguard/hadoop-client-modulespkg:apk/chainguard/keycloakpkg:apk/chainguard/keycloak-bitnami-compatpkg:apk/chainguard/keycloak-compatpkg:apk/chainguard/keycloak-fipspkg:apk/chainguard/keycloak-fips-bitnami-compatpkg:apk/chainguard/keycloak-fips-policy-140-2pkg:apk/chainguard/keycloak-fips-policy-140-3pkg:apk/chainguard/mavenpkg:apk/chainguard/maven-stage0pkg:apk/chainguard/spdx-tools-javapkg:apk/chainguard/trinopkg:apk/chainguard/trino-configpkg:apk/chainguard/trino-oci-entrypointpkg:apk/chainguard/trino-plugin-accumulopkg:apk/chainguard/trino-plugin-atoppkg:apk/chainguard/trino-plugin-bigquerypkg:apk/chainguard/trino-plugin-blackholepkg:apk/chainguard/trino-plugin-cassandrapkg:apk/chainguard/trino-plugin-clickhousepkg:apk/chainguard/trino-plugin-delta-lakepkg:apk/chainguard/trino-plugin-druidpkg:apk/chainguard/trino-plugin-elasticsearchpkg:apk/chainguard/trino-plugin-example-httppkg:apk/chainguard/trino-plugin-exchange-filesystempkg:apk/chainguard/trino-plugin-exchange-hdfspkg:apk/chainguard/trino-plugin-geospatialpkg:apk/chainguard/trino-plugin-google-sheetspkg:apk/chainguard/trino-plugin-hivepkg:apk/chainguard/trino-plugin-http-event-listenerpkg:apk/chainguard/trino-plugin-hudipkg:apk/chainguard/trino-plugin-icebergpkg:apk/chainguard/trino-plugin-ignitepkg:apk/chainguard/trino-plugin-jmxpkg:apk/chainguard/trino-plugin-kafkapkg:apk/chainguard/trino-plugin-kinesispkg:apk/chainguard/trino-plugin-kudupkg:apk/chainguard/trino-plugin-local-filepkg:apk/chainguard/trino-plugin-mariadbpkg:apk/chainguard/trino-plugin-memorypkg:apk/chainguard/trino-plugin-mlpkg:apk/chainguard/trino-plugin-mongodbpkg:apk/chainguard/trino-plugin-mysqlpkg:apk/chainguard/trino-plugin-mysql-event-listenerpkg:apk/chainguard/trino-plugin-oraclepkg:apk/chainguard/trino-plugin-password-authenticatorspkg:apk/chainguard/trino-plugin-pinotpkg:apk/chainguard/trino-plugin-postgresqlpkg:apk/chainguard/trino-plugin-prometheuspkg:apk/chainguard/trino-plugin-raptor-legacypkg:apk/chainguard/trino-plugin-redispkg:apk/chainguard/trino-plugin-redshiftpkg:apk/chainguard/trino-plugin-resource-group-managerspkg:apk/chainguard/trino-plugin-session-property-managerspkg:apk/chainguard/trino-plugin-singlestorepkg:apk/chainguard/trino-plugin-sqlserverpkg:apk/chainguard/trino-plugin-teradata-functionspkg:apk/chainguard/trino-plugin-thriftpkg:apk/chainguard/trino-plugin-tpcdspkg:apk/chainguard/trino-plugin-tpchpkg:apk/wolfi/cassandra-4.1pkg:apk/wolfi/cassandra-4.1-compatpkg:apk/wolfi/cassandra-reaperpkg:apk/wolfi/celeborn-0.5pkg:apk/wolfi/celeborn-0.6pkg:apk/wolfi/debezium-connector-spanner-3.0pkg:apk/wolfi/druidpkg:apk/wolfi/druid-compatpkg:apk/wolfi/gradle-8pkg:apk/wolfi/keycloakpkg:apk/wolfi/keycloak-bitnami-compatpkg:apk/wolfi/keycloak-compatpkg:apk/wolfi/mavenpkg:apk/wolfi/maven-stage0pkg:apk/wolfi/spdx-tools-javapkg:apk/wolfi/trinopkg:apk/wolfi/trino-configpkg:apk/wolfi/trino-oci-entrypointpkg:apk/wolfi/trino-plugin-accumulopkg:apk/wolfi/trino-plugin-atoppkg:apk/wolfi/trino-plugin-bigquerypkg:apk/wolfi/trino-plugin-blackholepkg:apk/wolfi/trino-plugin-cassandrapkg:apk/wolfi/trino-plugin-clickhousepkg:apk/wolfi/trino-plugin-delta-lakepkg:apk/wolfi/trino-plugin-druidpkg:apk/wolfi/trino-plugin-elasticsearchpkg:apk/wolfi/trino-plugin-example-httppkg:apk/wolfi/trino-plugin-exchange-filesystempkg:apk/wolfi/trino-plugin-exchange-hdfspkg:apk/wolfi/trino-plugin-geospatialpkg:apk/wolfi/trino-plugin-google-sheetspkg:apk/wolfi/trino-plugin-hivepkg:apk/wolfi/trino-plugin-http-event-listenerpkg:apk/wolfi/trino-plugin-hudipkg:apk/wolfi/trino-plugin-icebergpkg:apk/wolfi/trino-plugin-ignitepkg:apk/wolfi/trino-plugin-jmxpkg:apk/wolfi/trino-plugin-kafkapkg:apk/wolfi/trino-plugin-kinesispkg:apk/wolfi/trino-plugin-kudupkg:apk/wolfi/trino-plugin-local-filepkg:apk/wolfi/trino-plugin-mariadbpkg:apk/wolfi/trino-plugin-memorypkg:apk/wolfi/trino-plugin-mlpkg:apk/wolfi/trino-plugin-mongodbpkg:apk/wolfi/trino-plugin-mysqlpkg:apk/wolfi/trino-plugin-mysql-event-listenerpkg:apk/wolfi/trino-plugin-oraclepkg:apk/wolfi/trino-plugin-password-authenticatorspkg:apk/wolfi/trino-plugin-pinotpkg:apk/wolfi/trino-plugin-postgresqlpkg:apk/wolfi/trino-plugin-prometheuspkg:apk/wolfi/trino-plugin-raptor-legacypkg:apk/wolfi/trino-plugin-redispkg:apk/wolfi/trino-plugin-redshiftpkg:apk/wolfi/trino-plugin-resource-group-managerspkg:apk/wolfi/trino-plugin-session-property-managerspkg:apk/wolfi/trino-plugin-singlestorepkg:apk/wolfi/trino-plugin-sqlserverpkg:apk/wolfi/trino-plugin-teradata-functionspkg:apk/wolfi/trino-plugin-thriftpkg:apk/wolfi/trino-plugin-tpcdspkg:apk/wolfi/trino-plugin-tpchpkg:maven/com.google.guava/guavapkg:rpm/opensuse/guava&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/guava&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/guava&distro=openSUSE%20Tumbleweedpkg:rpm/suse/guava&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/guava&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/guava&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/guava&distro=SUSE%20Manager%20Server%20Module%204.3
< 0+ 155 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 3.7.1-r1
- (no CPE)range: < 0.5.4-r26
- (no CPE)range: < 0.6.3-r7
- (no CPE)range: < 3.0.4-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 7.17.14-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 8.2.1-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.3.6-r8
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.9.3-r1
- (no CPE)range: < 3.9.12-r0
- (no CPE)range: < 1.1.8-r1
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 0.5.4-r26
- (no CPE)range: < 0.6.3-r7
- (no CPE)range: < 3.0.4-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 8.2.1-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.9.3-r1
- (no CPE)range: < 3.9.12-r0
- (no CPE)range: < 1.1.8-r1
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: >= 1.0, < 32.0.0-android
- (no CPE)range: < 32.0.1-150200.3.7.1
- (no CPE)range: < 32.0.1-150200.3.7.1
- (no CPE)range: < 32.0.1-1.1
- (no CPE)range: < 32.0.1-150200.3.7.1
- (no CPE)range: < 32.0.1-150200.3.7.1
- (no CPE)range: < 32.0.1-150200.3.7.1
- (no CPE)range: < 32.0.1-150400.3.3.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-7g45-4rm6-3mm3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-2976ghsaADVISORY
- github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284ghsaWEB
- github.com/google/guava/issues/2575ghsaWEB
- github.com/google/guava/issues/6532ghsaWEB
- github.com/google/guava/releases/tag/v32.0.0ghsaWEB
- security.netapp.com/advisory/ntap-20230818-0008ghsaWEB
- security.netapp.com/advisory/ntap-20241108-0002ghsaWEB
- www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.htmlghsaWEB
- security.netapp.com/advisory/ntap-20230818-0008/mitre
News mentions
0No linked articles in our index yet.