CVE-2010-2056 — Link Following in GV

Severity

3.3LOWNVD

EPSS

0.0%

top 87.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 22

Latest updateMay 17

Description

GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

▶Debiangv/gv< 1:3.7.1-1+3

▶NVDgnu/gv3.6.9+10

GHSA

GHSA-fc9p-2x28-25pw: GNU gv before 3↗2022-05-17

▶

CVEList

CVE-2010-2056: GNU gv before 3↗2010-07-22

▶

OSV

CVE-2010-2056: GNU gv before 3↗2010-07-22

▶

Red Hat

gv: Insecure (predictable) temporary file use↗2010-05-27

▶

Debian

CVE-2010-2056: gv - GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlin...↗2010

▶

Bugzilla

CVE-2010-2056 gv: Insecure (predictable) temporary file use↗2010-06-03

▶