CVE-2014-3424

CWE-59CWE-3778 documents7 sources
Severity
3.3LOW
EPSS
0.1%
top 66.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU EmacsMageia Project Mageia
Timeline
PublishedMay 8
Latest updateMay 17

Description

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages3 packages

Ubuntuemacs24< 24.5+1-6ubuntu1
NVDgnu/emacs24.3+24

🔴Vulnerability Details

3
GHSA
GHSA-qq7h-m7f5-5ch5: lisp/net/tramp-sh2022-05-17
CVEList
CVE-2014-3424: lisp/net/tramp-sh2014-05-08
OSV
CVE-2014-3424: lisp/net/tramp-sh2014-05-08

📋Vendor Advisories

2
Red Hat
emacs: multiple temporary file issues2014-05-05
Debian
CVE-2014-3424: xemacs21-packages - lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwri...2014

💬Community

2
Bugzilla
CVE-2014-3423 CVE-2014-3422 CVE-2014-3421 CVE-2014-3424 emacs: multiple temporary file issues [fedora-all]2014-05-08
Bugzilla
CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 emacs: multiple temporary file issues2014-05-08
CVE-2014-3424 (LOW CVSS 3.3) | lisp/net/tramp-sh.el in GNU Emacs 2 | cvebase.io