Lucene search
Ubuntu.comUB:CVE-2014-3422HistoryMay 08, 2014 - 12:00 a.m.
CVE-2014-3422
2014-05-0800:00:00
ubuntu.com
ubuntu.com
10
0.0004 Low
EPSS
Percentile
5.2%
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users
to overwrite arbitrary files via a symlink attack on a temporary file under
/tmp/esrc/.
Bugs
Notes
| Author | Note |
|---|---|
| seth-arnold | The xemacs21-packages code looked very different; the esrc comment looks out-dated. I’m marking these not-affected because it looked safe to me but review by an emacs expert would be welcome. |
References
debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8
lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html
openwall.com/lists/oss-security/2014/05/07/7
launchpad.net/bugs/cve/CVE-2014-3422
nvd.nist.gov/vuln/detail/CVE-2014-3422
security-tracker.debian.org/tracker/CVE-2014-3422
www.cve.org/CVERecord?id=CVE-2014-3422
Related
debiancve
debiancve
CVE-2014-3422
2014-05-08 10:55:00
prion
prion
Code injection
2014-05-08 10:55:00
cvelist
cvelist
CVE-2014-3422
2014-05-08 10:00:00
cve
cve
CVE-2014-3422
2014-05-08 10:55:00
nessus
nessus
EulerOS 2.0 SP3 : emacs (EulerOS-SA-2022-1714)
2022-05-26 00:00:00
Mandriva Linux Security Advisory : emacs (MDVSA-2014:118)
2014-06-11 00:00:00
EulerOS 2.0 SP5 : emacs (EulerOS-SA-2022-1528)
2022-04-25 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2022-1714)
2022-05-25 00:00:00
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2022-1528)
2022-04-25 00:00:00
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2022-2494)
2022-10-10 00:00:00
mageia
mageia
Updated emacs packages fix CVE-2014-3421-4
2014-06-06 09:47:18
kaspersky
kaspersky
KLA10169 WLF vulnerability in Emacs
2014-05-08 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: emacs-24.3-17.fc20
2014-05-29 23:29:06
rosalinux
rosalinux
Advisory ROSA-SA-2021-1828
2021-07-02 16:39:27
securityvulns
securityvulns
GNU Emacs
2014-05-10 00:00:00