CVE-2010-1160

CWE-598 documents7 sources

Severity

1.9LOW

EPSS

0.0%

top 86.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Nano

Timeline

PublishedApr 16

Latest updateMay 2

Description

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

CVSS vector

AV:L/AC:M/C:N/I:P/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages2 packages

▶Debiannano< 2.2.4-1+3

▶NVDgnu/nano2.2.3+140

🔴Vulnerability Details

GHSA

GHSA-9v2x-x2qc-4cfg: GNU nano before 2↗2022-05-02

▶

CVEList

CVE-2010-1160: GNU nano before 2↗2010-04-16

▶

OSV

CVE-2010-1160: GNU nano before 2↗2010-04-16

▶

📋Vendor Advisories

Red Hat

nano: multiple file editing insecurities↗2010-04-02

▶

Debian

CVE-2010-1160: nano - GNU nano before 2.2.4 does not verify whether a file has been changed before it ...↗2010

▶

💬Community

Bugzilla

CVE-2010-1160, CVE-2010-1161 nano: multiple file editing insecurities [fedora-all]↗2010-04-15

▶

Bugzilla

CVE-2010-1160 CVE-2010-1161 nano: multiple file editing insecurities↗2010-04-14

▶