{"id":"CVE-2023-43783","details":"Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.","modified":"2026-05-19T07:53:36.320340Z","published":"2023-09-22T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/43xxx/CVE-2023-43783.json","cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/43xxx/CVE-2023-43783.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43783"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1213985"},{"type":"PACKAGE","url":"https://github.com/falkTX/Cadence"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/10/05/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/falktx/cadence","events":[{"introduced":"0"},{"fixed":"2187c061bfa60c3b74d9023408b7b6f3325682c5"}]}],"versions":["v0.9.1","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-43783.json","vanir_signatures":[{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["249210686644172199810879820993273663544","179197222663657034883179195383085334936","21152985561342251489211478900676992149","260126112507918260720387837423768871687","269094252922245271973119980764760449218","58693407574580258784455017354193869913","23893165627726559034957703166079122138"]},"target":{"file":"c++/xycontroller/xycontroller.cpp"},"id":"CVE-2023-43783-75d31906","source":"https://github.com/falktx/cadence/commit/2187c061bfa60c3b74d9023408b7b6f3325682c5","deprecated":false,"signature_version":"v1"}],"vanir_signatures_modified":"2026-05-19T07:53:36Z"}}],"schema_version":"1.7.5"}