CVE-2017-5357

CVE-2017-5357 affects GNU ed: the vulnerability is in regex.c for ed versions before 1.14.1, where a malformed command can trigger an invalid free and cause a denial of service (crash). The provided documents confirm the underlying cause and the resulting impact (availability disruption). Affecte...

CVE-2008-3916

CVE-2008-3916 : Heap-based buffer overflow in the strip_escapes function of GNU ed (signal.c) allows context-dependent or user-assisted code execution via a long filename. Affects ed before 1.0; privilege boundaries may be crossed when ed is invoked as a third-party component. Several vendors rel...

CVE-2006-6939

The CVE-2006-6939 issue affects GNU ed prior to 0.3, where a symlink attack on temporary files (likely in open_sbuf) allows local users to overwrite arbitrary files. Fedora advisories/Fedora updates for ed (e.g., ed 0.3-0.fc6/0.fc5) address this by rebuilding with fixes for CVE-2006-6939. The Ope...

CVE-2000-1137

CVE-2000-1137 affects GNU ed prior to 0.2-18.1. The issue arises from insecure temporary file handling, allowing a local user to influence files owned by others via a symlink attack in world-writable temporary directories. Consequence: potential local file overwrite or access when ed is invoked. ...