CVE-2008-1694 — Link Following in Emacs

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 86.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 22

Latest updateMay 1

Description

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

▶NVDgnu/emacs5 versions+4

GHSA

GHSA-7cqh-9wjj-hhf9: vcdiff in Emacs 20↗2022-05-01

▶

OSV

CVE-2008-1694: vcdiff in Emacs 20↗2008-04-22

▶

CVEList

CVE-2008-1694: vcdiff in Emacs 20↗2008-04-21

▶

Ubuntu

Emacs vulnerabilities↗2008-05-06

▶

Red Hat

emacs insecure /tmp file usage↗2008-04-11

▶

Debian

CVE-2008-1694: xemacs21 - vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to over...↗2008

▶

Bugzilla

CVE-2008-1694 emacs insecure /tmp file usage↗2006-09-28

▶