Gnu Ed vulnerabilities

CVE-2017-5357 [HIGH] CWE-416 CVE-2017-5357: regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malforme regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

CVE-2008-3916 [CRITICAL] CWE-119 CVE-2008-3916: Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows con Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.

CVE-2006-6939 [MEDIUM] CVE-2006-6939: GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.

CVE-2000-1137 [MEDIUM] CVE-2000-1137: GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.