CVE-2010-0825

Severity: 4.4 MEDIUM
EPSS: 0.1% (top 69.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 5
Latest update: May 2

Description

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

CVSS vector

AV:L/AC:M/C:P/I:P/A:P
Exploitability: 3.4 | Impact: 6.4

Affected Packages (2 packages)

Debian: xemacs21 < 21.4.22-3.1 +1
NVD: gnu/emacs, 4 versions +3

Vulnerability Details (3)

GHSA: GHSA-9x8g-36jg-fvcv: lib-src/movemail (2022-05-02)
OSV: CVE-2010-0825: lib-src/movemail (2010-04-05)
CVEList: CVE-2010-0825: lib-src/movemail (2010-04-05)

Vendor Advisories (6)

Red Hat: MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575) (2010-07-09)
Red Hat: MySQL: mysqld DoS (crash) by processing EXPLAIN statements for complex SQL queries (MySQL bug #52711) (2010-07-09)
Red Hat: MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007) (2010-07-09)
Red Hat: xemacs: Race condition by moving message from user's inbox into user's Rmail file, when movemail setgid enabled (2010-03-29)
Ubuntu: Emacs vulnerability (2010-03-29)

Community (1)

Bugzilla: CVE-2010-0825 emacs, xemacs: Race condition by moving message from user's inbox into user's Rmail file, when movemail setgid enabled (2010-03-30)