CVE-2010-4337

CWE-596 documents5 sources

Severity

3.3LOW

EPSS

0.0%

top 91.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gnash

Timeline

PublishedJan 14

Latest updateMay 17

Description

The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages2 packages

▶Ubuntugnash< 0.8.11~git20130903-3ubuntu1+1

▶NVDgnu/gnash0.8.8

🔴Vulnerability Details

GHSA

GHSA-fh37-hpvh-9h6c: The configure script in gnash 0↗2022-05-17

▶

OSV

CVE-2010-4337: The configure script in gnash 0↗2011-01-14

▶

CVEList

CVE-2010-4337: The configure script in gnash 0↗2011-01-14

▶

💬Community

Bugzilla

CVE-2010-4337 gnash: symlink attack via configure script [fedora-all]↗2011-01-15

▶

Bugzilla

CVE-2010-4337 gnash: symlink attack via configure script↗2011-01-15

▶