CVE-2023-2976 Overview
Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
Critical Impact
Unauthorized file access due to improper directory handling in shared environments.
Affected Products
- Google Guava 1.0 to 31.1
- Not Available
- Not Available
Discovery Timeline
- 2023-06-14 - CVE CVE-2023-2976 published to NVD
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2023-2976
Vulnerability Analysis
This vulnerability arises from using the default temporary directory for file handling, which can lead files to be accessible by other users on the system. This exposes sensitive data and breaches file confidentiality.
Root Cause
The root cause is the inadequate use of secure directories for temporary file storage within the FileBackedOutputStream class.
Attack Vector
The attack vector is local, where a malicious actor with access to the temporary directory on the same system can potentially access the files created by the vulnerable versions of the Google Guava library.
// Example exploitation code (sanitized)
import com.google.common.io.FileBackedOutputStream;
public class VulnerableExample {
public static void main(String[] args) throws Exception {
FileBackedOutputStream fbo = new FileBackedOutputStream(1024);
fbo.write("sensitive data".getBytes());
// Files created here are placed in an insecure temp directory
}
}
Detection Methods for CVE-2023-2976
Indicators of Compromise
- Unusual files found in /tmp or other default temp directories
- Logs indicating access from unauthorized users
- Unexpected file readings in shared environments
Detection Strategies
Utilize system auditing tools to track file access events in the /tmp directory and check for anomalies in user access patterns.
Monitoring Recommendations
Implement continuous monitoring of the temporary directories and use alerts for unauthorized file access attempts, focusing on directories known to be used by Java applications.
How to Mitigate CVE-2023-2976
Immediate Actions Required
- Update to Google Guava version 32.0.1 immediately
- Restrict access to temporary directories
- Monitor and audit system logs for abnormal activities
Patch Information
The vulnerability is addressed in Google Guava version 32.0.0, with additional fixes in version 32.0.1 to prevent functionality breaks under Windows.
Workarounds
For systems that cannot be patched immediately, ensure that temporary files are written to a secure directory with restricted access permissions.
# Configuration example
export JAVA_TMP_DIR="/path/to/secure/temp"
java -Djava.io.tmpdir=$JAVA_TMP_DIR -cp yourApp.jar MainClass
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
