CVE-2013-2035 — Improper Control of Generation of Code in HawtJNI

Description

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.

How to fix CVE-2013-2035

To remediate CVE-2013-2035, upgrade the affected package to a fixed version below.

Debian/hawtjni—upgrade to 1.10-1 or later
Maven/org.fusesource.hawtjni:hawtjni-runtime—upgrade to 1.8 or later

Is CVE-2013-2035 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1.10-1
from 0, < 1.8

References (16)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-2035
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-2035
WEBrhn.redhat.com/errata/RHSA-2013-1029.html
WEBrhn.redhat.com/errata/RHSA-2013-1784.html
WEB