Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.
AnalysisAI
csync2 compiled with C99 or later creates insecure temporary directories vulnerable to time-of-check-time-of-use (TOCTOU) attacks, allowing local authenticated users with user interaction to cause denial of service through symlink or directory manipulation. The vulnerability affects OpenSUSE Tumbleweed and requires local access with low privileges and user interaction to exploit.
Technical ContextAI
csync2 is a file synchronization tool that relies on temporary directory creation during operation. When compiled with C99 or later C standards, the temporary directory handling mechanism fails to implement secure, race-condition-resistant creation patterns. The TOCTOU vulnerability class occurs when the code checks for directory existence and then creates it in separate operations, allowing an attacker to inject a symlink or create the directory between the check and the creation, leading to potential denial of service or file manipulation. The vulnerability is specific to compilation with modern C standards, suggesting the code may use standard library functions that changed behavior or the compiler optimization levels that expose timing windows in the temporary file creation sequence.
RemediationAI
Apply the security patch released by SUSE for OpenSUSE Tumbleweed, available through standard package management (zypper update csync2). The fix implements secure temporary directory creation using functions resistant to TOCTOU attacks, such as mkdtemp() with proper error handling or temporary file creation via secure APIs. For systems where immediate patching is not possible, restrict csync2 usage to trusted local users only by removing the binary from PATH for untrusted accounts, or disable csync2 entirely if not actively required. Monitor csync2 process execution and temporary directory activity using auditd or similar tools to detect exploitation attempts. Note that no workaround exists without patching; the vulnerability is inherent to the temporary directory creation logic.
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Low| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP4 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP5 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP6 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP7 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP7 | Fixed |
| SUSE Linux Enterprise High Availability Extension 16.0 | Fixed |
| SUSE Linux Enterprise High Availability Extension 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| SUSE Linux Enterprise High Availability Extension 12 SP5 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP4 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise High Availability Extension 12 | Fixed |
| SUSE Linux Enterprise High Availability Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise High Availability Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise High Availability Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise High Availability Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP3 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP6 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29920
GHSA-7mqw-hr29-pj76