{"id":"CVE-2016-3067","details":"Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.","modified":"2026-04-10T03:50:53.094916Z","published":"2017-04-21T20:59:00.633Z","references":[{"type":"WEB","url":"https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=205862ed08649df8f50b926a2c58c963f571b044"},{"type":"ADVISORY","url":"https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html"},{"type":"ADVISORY","url":"https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html"},{"type":"ADVISORY","url":"https://cygwin.com/ml/cygwin-announce/2016-04/msg00054.html"},{"type":"ADVISORY","url":"https://cygwin.com/ml/cygwin/2016-02/msg00129.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cygwin/cygwin","events":[{"introduced":"0"},{"fixed":"61f181d6b872e6f37b04fed790fa903a312a3795"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.5.0"}]}}],"versions":["binu_ss_19990502","cygwin-2_0_0-release","cygwin-2_0_1-release","cygwin-2_0_2-release","cygwin-2_0_3-release","cygwin-2_0_4-release","cygwin-2_1_0-release","cygwin-2_2_0-release","cygwin-2_2_1-release","cygwin-2_3_0-release","cygwin-2_3_1-relase","cygwin-2_3_1-release","cygwin-2_4_0-release","cygwin-2_4_1-release","cygwin-2_5_0-release","cygwin-2_5_1-release","cygwin-2_5_2-release","cygwin-2_6_0-release","cygwin-2_6_1-release","newlib-2_3_0","newlib-2_4_0","newlib-snapshot-20150526","newlib-snapshot-20150623","newlib-snapshot-20150723","newlib-snapshot-20150824","newlib-snapshot-20150924","newlib-snapshot-20151023","newlib-snapshot-20160104","newlib-snapshot-20160226","newlib-snapshot-20160527","newlib-snapshot-20160923"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3067.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.4.1-1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}