CVE-2014-3422

CWE-59 CWE-3778 documents7 sources

Severity

3.3LOW

EPSS

0.1%

top 66.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Emacs Mageia Project Mageia

Timeline

PublishedMay 8

Latest updateMay 17

Description

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages3 packages

▶Ubuntuemacs24< 24.5+1-6ubuntu1

▶NVDgnu/emacs24.3+24

▶NVDmageia_project/mageia3, 4+1

🔴Vulnerability Details

GHSA

GHSA-8pgq-966c-5f7q: lisp/emacs-lisp/find-gc↗2022-05-17

▶

CVEList

CVE-2014-3422: lisp/emacs-lisp/find-gc↗2014-05-08

▶

OSV

CVE-2014-3422: lisp/emacs-lisp/find-gc↗2014-05-08

▶

📋Vendor Advisories

Red Hat

emacs: multiple temporary file issues↗2014-05-05

▶

Debian

CVE-2014-3422: xemacs21-packages - lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to o...↗2014

▶

💬Community

Bugzilla

CVE-2014-3423 CVE-2014-3422 CVE-2014-3421 CVE-2014-3424 emacs: multiple temporary file issues [fedora-all]↗2014-05-08

▶

Bugzilla

CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 emacs: multiple temporary file issues↗2014-05-08

▶