Vulnerability in Eric_m_ludlam Cedet
CVE-2012-0035
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent…
EPSS: 0.040 (88.7th percentile) — read the EPSS interpretation.
Affected products
- Eric_m_ludlam Cedet — versions 1.0
- Gnu Emacs — versions 20.0, 20.1, 20.2
- N/a — versions n/a
References
- [oss-security] 20120109 CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability (mailing-list, x_refsource_MLIST, Patch)
- [cedet-devel] 20120111 CEDET 1.0.1 available online (mailing-list, x_refsource_MLIST)
- 47311 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 50801 (x_refsource_SECUNIA, third-party-advisory)
- [oss-security] 20120109 Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability (mailing-list, x_refsource_MLIST)
- 47515 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- [cedet-devel] 20120109 Security flaw in EDE (mailing-list, x_refsource_MLIST)
- USN-1586-1 (x_refsource_UBUNTU, vendor-advisory)
- MDVSA-2013:076 (vendor-advisory, x_refsource_MANDRIVA)
- FEDORA-2012-0462 (x_refsource_FEDORA, vendor-advisory)