Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-62 (UNIX硬链接) — Vulnerability Class 2

2 vulnerabilities classified as CWE-62 (UNIX硬链接). AI Chinese analysis included.

CWE-62 represents a logic flaw where software fails to verify if a file path corresponds to a hard link pointing outside its intended control sphere. This weakness typically allows attackers to bypass security restrictions by creating hard links to sensitive system files or unauthorized directories. When the application opens these links without validation, it inadvertently operates on protected resources, potentially leading to privilege escalation, data leakage, or denial of service. Developers mitigate this risk by implementing strict path canonicalization and verifying that resolved file paths remain within expected boundaries before processing. Additionally, using symbolic links instead of hard links can help, as symbolic links are easier to detect and validate. Ensuring that file operations explicitly check for hard link targets prevents unauthorized access to critical system components and maintains the integrity of the application’s security model.

MITRE CWE Description
The product, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. /etc/passwd). When the process opens the file, the attacker can assume the privileges of that process.
Common Consequences (1)
Confidentiality, IntegrityRead Files or Directories, Modify Files or Directories
Mitigations (1)
Architecture and DesignFollow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CVE IDTitleCVSSSeverityPublished
CVE-2024-36486 Parallels Desktop 安全漏洞 — Parallels Desktop for Mac 7.8 High2025-06-03
CVE-2024-54189 Parallels Desktop 安全漏洞 — Parallels Desktop for Mac 7.8 High2025-06-03

Vulnerabilities classified as CWE-62 (UNIX硬链接) represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.