VDB
ALPINE-CVE-2017-18018
ALPINE-CVE-2017-18018
PUBLISHED
CVSS 4.699999809265137 MEDIUM
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Risk Scores
CVSS v3.0
4.699999809265137
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.8 | coreutils | 7.1-r0, 0, 8.21-r2 |
| Alpine:v3.23 | coreutils | 8.2-r0, 8.19-r0, 8.17-r0 |
| Alpine:v3.20 | coreutils | 8.29-r0, 8.9-r0, 8.8-r0 |
| Alpine:v3.15 | coreutils | 7.4-r0, 7.1-r1, 7.1-r0 |
| Alpine:v3.17 | coreutils | 8.21-r1, 8.19-r0, 8.18-r0 |
| Alpine:v3.9 | coreutils | 8.19-r0, 8.18-r0, 8.17-r0 |
| Alpine:v3.18 | coreutils | 8.9-r0, 0, 7.1-r0 |
| Alpine:v3.13 | coreutils | 7.1-r0, 7.1-r1, 7.4-r0 |
| Alpine:v3.7 | coreutils | 7.6-r0, 8.16-r0, 8.10-r0 |
| Alpine:v3.14 | coreutils | 7.1-r0, 7.1-r1, 7.4-r0 |
| Alpine:v3.10 | coreutils | 8.15-r0, 8.9-r0, 8.8-r0 |
| Alpine:v3.21 | coreutils | 8.8-r0, 8.17-r0, 7.1-r1 |
| Alpine:v3.19 | coreutils | 0, 8.9-r0, 8.8-r0 |
| Alpine:v3.16 | coreutils | 8.9-r0, 0, 7.1-r0 |
| Alpine:v3.22 | coreutils | 0, 8.9-r0, 8.8-r0 |
| Alpine:v3.12 | coreutils | 7.1-r1, 8.9-r0, 8.8-r0 |
| Alpine:v3.11 | coreutils | 0, 7.1-r0, 7.1-r1 |
Timeline
- Jan 4, 2018 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch