CVE-2023-2976 Overview
Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
Critical Impact
Unauthorized file access due to improper directory handling in shared environments.
Affected Products
- Google Guava 1.0 to 31.1
Discovery Timeline
- 2023-06-14 - CVE-2023-2976 published to NVD
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2023-2976
Vulnerability Analysis
This vulnerability arises from creating files in the default temporary directory, which can leave those files accessible to other users on the system. This exposes sensitive data and breaches file confidentiality.
Root Cause
The root cause is that the FileBackedOutputStream class stores its temporary files in the default temporary directory instead of a secure directory.
Attack Vector
The attack vector is local: a malicious actor with access to the temporary directory on the same system can potentially access the files created by vulnerable versions of the Google Guava library.
// Example of vulnerable usage (sanitized)
import com.google.common.io.FileBackedOutputStream;
import java.nio.charset.StandardCharsets;

public class VulnerableExample {
    public static void main(String[] args) throws Exception {
        // fileThreshold of 8 bytes: the 14-byte write below exceeds it and spills to disk
        FileBackedOutputStream fbo = new FileBackedOutputStream(8);
        fbo.write("sensitive data".getBytes(StandardCharsets.UTF_8));
        // In Guava 1.0 to 31.1 the backing file is created in the default
        // temp directory (java.io.tmpdir), where other local users can access it
        fbo.close();
    }
}
Detection Methods for CVE-2023-2976
Indicators of Compromise
- Unusual files found in /tmp or other default temp directories
- Logs indicating access from unauthorized users
- Unexpected file readings in shared environments
Detection Strategies
Utilize system auditing tools to track file access events in the /tmp directory and check for anomalies in user access patterns.
Monitoring Recommendations
Implement continuous monitoring of the temporary directories and use alerts for unauthorized file access attempts, focusing on directories known to be used by Java applications.
How to Mitigate CVE-2023-2976
Immediate Actions Required
- Update to Google Guava version 32.0.1 immediately
- Restrict access to temporary directories
- Monitor and audit system logs for abnormal activities
Patch Information
The vulnerability is addressed in Google Guava version 32.0.0, with additional fixes in version 32.0.1 to prevent functionality breaks under Windows.
Workarounds
For systems that cannot be patched immediately, ensure that temporary files are written to a secure directory with restricted access permissions.
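# Configuration example
export JAVA_TMP_DIR="/path/to/secure/temp"
# The directory must exist and be accessible only to the account running the JVM
mkdir -p "$JAVA_TMP_DIR" && chmod 700 "$JAVA_TMP_DIR"
java -Djava.io.tmpdir="$JAVA_TMP_DIR" -cp yourApp.jar MainClass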
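The detection strategy and the workaround above can both be checked with a small audit of the directory a JVM uses as java.io.tmpdir. This is an added example, not code from the original page or from the Guava project; the function names, file names and modes in the sample are constructed for illustration.

```python
import stat
import sys
import tempfile
from pathlib import Path

GROUP_OTHER_ANY = stat.S_IRWXG | stat.S_IRWXO      # any group/other permission bit
GROUP_OTHER_SEARCH = stat.S_IXGRP | stat.S_IXOTH   # others can enter the directory
GROUP_OTHER_READ = stat.S_IRGRP | stat.S_IROTH     # others can read the file


def audit_tmpdir(tmpdir):
    """Return findings for a directory used as java.io.tmpdir."""
    root = Path(tmpdir)
    st = root.lstat()  # lstat: a symlinked temp directory is reported, not followed
    if not stat.S_ISDIR(st.st_mode):
        return [f"{root}: not a real directory"]
    findings = []
    if st.st_mode & GROUP_OTHER_ANY:
        findings.append(f"{root}: mode {stat.S_IMODE(st.st_mode):04o} grants access to group/others")
    if st.st_mode & GROUP_OTHER_SEARCH:
        # Files are only reachable by other users when the directory is searchable.
        for entry in sorted(root.iterdir()):
            est = entry.lstat()
            if stat.S_ISREG(est.st_mode) and est.st_mode & GROUP_OTHER_READ:
                findings.append(f"{entry.name}: mode {stat.S_IMODE(est.st_mode):04o}, "
                                f"uid {est.st_uid}, readable by group/others")
    return findings


def build_sample(base):
    """Constructed sample: a /tmp-like shared directory and a private one."""
    dirs = []
    for name, dir_mode in (("shared", 0o1777), ("private", 0o700)):
        d = Path(base, name)
        d.mkdir()
        for fname, file_mode in (("spill-0644.tmp", 0o644), ("spill-0600.tmp", 0o600)):
            f = d / fname
            f.write_bytes(b"constructed sample data")
            f.chmod(file_mode)
        d.chmod(dir_mode)
        dirs.append(d)
    return dirs


if __name__ == "__main__":
    # Audit the directory given on the command line, or the constructed sample.
    targets = [Path(sys.argv[1])] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for target in targets:
        for line in audit_tmpdir(target) or [f"{target}: no findings"]:
            print(line)
```

Run against the constructed sample, the shared directory yields two findings (the directory itself and the 0644 file), while the 0700 directory yields none even though it holds a 0644 file.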

