{"id":"CVE-2022-25643","details":"seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.","modified":"2026-04-11T22:01:34.757495Z","published":"2022-02-24T15:15:32.133Z","related":["openSUSE-SU-2024:11875-1"],"references":[{"type":"ADVISORY","url":"https://github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4"},{"type":"ADVISORY","url":"https://github.com/kennylevinsen/seatd/tags"},{"type":"ADVISORY","url":"https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25643"},{"type":"FIX","url":"https://github.com/kennylevinsen/seatd/commit/10658dc5439db429af0088295a051c53925a4416"},{"type":"FIX","url":"https://github.com/kennylevinsen/seatd/commit/7cffe0797fdb17a9c08922339465b1b187394335"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kennylevinsen/seatd","events":[{"introduced":"3ad9164a896eacffd27588f5b1fd6ea3e0bcd92d"},{"fixed":"df13d03f9cfd0dc0c2b3298cd0e5eb4e4a10835e"},{"fixed":"10658dc5439db429af0088295a051c53925a4416"},{"fixed":"7cffe0797fdb17a9c08922339465b1b187394335"}],"database_specific":{"versions":[{"introduced":"0.6.0"},{"fixed":"0.6.4"}]}}],"versions":["0.6.0","0.6.1","0.6.2","0.6.3"],"database_specific":{"vanir_signatures":[{"target":{"file":"seatd-launch/seatd-launch.c"},"source":"https://github.com/kennylevinsen/seatd/commit/10658dc5439db429af0088295a051c53925a4416","deprecated":false,"id":"CVE-2022-25643-20b28f98","digest":{"threshold":0.9,"line_hashes":["62883726330063925292959293215789704425","39333791285992616658521980421219006655","334191234334548614446221313768525467332","245329870335235198700542873439017283392","205616032534890444612541076778068273826","328730271151717473539494469057975192779","185590913253645518958966357839448166418","154256192354667556565811148126360626961","324546817450199795223853431018938717776","36304462118301466837806222170501076990","166097240514222773733488022391475693218","152228686696997748542766862074084131246","257224412124868485622357987664179224547","34526154519265002525877201020641257408","255427057108738170372119395617641689291","56540596929896550175765095402962770880","298868048499205066983765272609542696134","230175880307342141042659713586611653872","52519289679802340916109617257507968989"]},"signature_type":"Line","signature_version":"v1"},{"target":{"function":"main","file":"seatd-launch/seatd-launch.c"},"source":"https://github.com/kennylevinsen/seatd/commit/7cffe0797fdb17a9c08922339465b1b187394335","deprecated":false,"id":"CVE-2022-25643-58580dc1","digest":{"length":3875,"function_hash":"307218132424454286505371387300280139909"},"signature_type":"Function","signature_version":"v1"},{"target":{"function":"main","file":"seatd-launch/seatd-launch.c"},"source":"https://github.com/kennylevinsen/seatd/commit/10658dc5439db429af0088295a051c53925a4416","deprecated":false,"id":"CVE-2022-25643-6040f219","digest":{"length":3763,"function_hash":"106968009914228725579696027296241171281"},"signature_type":"Function","signature_version":"v1"},{"target":{"file":"seatd-launch/seatd-launch.c"},"source":"https://github.com/kennylevinsen/seatd/commit/7cffe0797fdb17a9c08922339465b1b187394335","deprecated":false,"id":"CVE-2022-25643-d37dbebf","digest":{"threshold":0.9,"line_hashes":["62883726330063925292959293215789704425","39333791285992616658521980421219006655","334191234334548614446221313768525467332","245329870335235198700542873439017283392","205616032534890444612541076778068273826","328730271151717473539494469057975192779","185590913253645518958966357839448166418","154256192354667556565811148126360626961","324546817450199795223853431018938717776","36304462118301466837806222170501076990","166097240514222773733488022391475693218","152228686696997748542766862074084131246","257224412124868485622357987664179224547","34526154519265002525877201020641257408","255427057108738170372119395617641689291","56540596929896550175765095402962770880","162110539219312074074663094958733623347","46790672917149404035535454117634074126","147956451304967070187777787725505218215"]},"signature_type":"Line","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T22:01:34Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25643.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}