Vulnerability in Gnu Emacs
CVE-2014-3422
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
EPSS: 0.001 (30.1th percentile) — read the EPSS interpretation.
Affected products
- Gnu Emacs — versions 20.0, 20.1, 20.2
- Mageia_project Mageia — versions 3, 4
- N/a — versions n/a
Weakness classification (CWE)
References
- [oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs (mailing-list, x_refsource_MLIST)
- MDVSA-2015:117 (vendor-advisory, x_refsource_MANDRIVA)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM)
- [emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes (mailing-list, x_refsource_MLIST)