{"id":"CVE-2023-1521","details":"On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD.\n\n\nIf the server is run as root (which is the default when installing the  snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.","aliases":["GHSA-x7fr-pg8f-93f5"],"modified":"2026-04-10T04:54:22.579367Z","published":"2024-11-26T12:15:18.203Z","related":["SUSE-SU-2023:2637-1","SUSE-SU-2023:3526-1"],"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-x7fr-pg8f-93f5"},{"type":"EVIDENCE","url":"https://securitylab.github.com/advisories/GHSL-2023-046_ScCache"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1521.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.4.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}