{"id":"CVE-2022-48682","details":"In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.","modified":"2026-04-11T23:22:46.236410Z","published":"2024-04-26T01:15:45.900Z","references":[{"type":"WEB","url":"https://github.com/adrianlopezroche/fdupes/blob/4b6bcde1b3eb1cebe87cd30814f7d6cf4ee46e95/fdupes.c"},{"type":"WEB","url":"https://github.com/adrianlopezroche/fdupes/compare/v2.1.2...v2.2.0"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1200381"},{"type":"FIX","url":"https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/adrianlopezroche/fdupes","events":[{"introduced":"0"},{"fixed":"ca3b9dec73ec45c66ad55ebb26c20d12fbb1af19"},{"fixed":"85680897148f1ac33b55418e00334116e419717f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.2.0"}]}}],"versions":["2.0.0","fdupes-1.51","v1.6.0","v1.6.1","v2.1.0","v2.1.1","v2.1.2"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f","signature_type":"Function","target":{"function":"cmd_prune","file":"ncurses-commands.c"},"signature_version":"v1","id":"CVE-2022-48682-2f1fc75f","digest":{"length":5282,"function_hash":"66276946782525564029140925893441321465"},"deprecated":false},{"source":"https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f","signature_type":"Function","target":{"function":"deletefiles","file":"fdupes.c"},"signature_version":"v1","id":"CVE-2022-48682-42cf3ea0","digest":{"length":4422,"function_hash":"224242669906188153200358086264972516622"},"deprecated":false},{"source":"https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f","signature_type":"Function","target":{"function":"deletesuccessor","file":"fdupes.c"},"signature_version":"v1","id":"CVE-2022-48682-45d1c6e4","digest":{"length":1043,"function_hash":"308663317291523444026824449103295097469"},"deprecated":false},{"source":"https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f","signature_type":"Line","target":{"file":"fdupes.c"},"signature_version":"v1","id":"CVE-2022-48682-75e896bb","digest":{"line_hashes":["102641205799498772276600074855688541984","90947951897868475452183664347317279750","334981488534288977686142798811761333772","204624448611375161679097207217305807675","227447906578544348519702727425546505901","49731766784731268679960792809274111505","339533184634874401177575895261790910136","312049910976944980126576440562020496775","304275455123742997765078335101087082353","43020324438680105252492209929253910882","154011433445975109000256779768042723432","203768198098143836887002558995273876223","255991903964766518764748724185356792614","79138999965185925434739504169753713968","40754268126333612616955574979195471977","147624034166454125905253863743799109990","306995194011958577276372871014149114027","26548170991197767346213250748868491873","184197921650202388387058502742816638538","187145685497699966671497052819114763410","146912569401061407613215758177088392048","161257066424180180629491969922685491917","41167885610609198797678860116931993750","57349548749380299797077031811751809211","18873153226771957552210788014868070588","218695183080525927570559377509529784286","35482068748854672253854083445858455947","1732455452832996703376264384484875157","274313341876792471884249072911546065595","135217239460320241236892973305139777987"],"threshold":0.9},"deprecated":false},{"source":"https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f","signature_type":"Line","target":{"file":"ncurses-commands.c"},"signature_version":"v1","id":"CVE-2022-48682-bdf84106","digest":{"line_hashes":["24333797728721812759133033265292985965","4527324001640231821383424516448846947","38346030278067061488283460847522132783","240211517015967107927441733828595862668","297378339918488984895528920564193335986","284245066272566315308398882125461722314","151129935251978217411362146613149985370","185695637264260839867167412201561241459"],"threshold":0.9},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48682.json","vanir_signatures_modified":"2026-04-11T23:22:46Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H"}]}