CVE-2014-3424
Description
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.138
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in GNU Emacs 20.0 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 20.1 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 20.2 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 20.3 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 20.4 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 20.5 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 20.6 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 21.2.1 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 21.3 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 21 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 22.1 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 20.7 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 21.1 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 21.2 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 21.4 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 21.3.1 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 22.2 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 22.3 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 23.1 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 23.2 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 23.3 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 23.4 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 24.1 | Windows |
| Vulnerabilities CVE-2014-3421,CVE-2014-3422,CVE-2014-3423,CVE-2014-3424 are affected in GNU Emacs 24.2 | Windows |
| Vulnerabilities CVE-2014-3421,CVE-2014-3422,CVE-2014-3423,CVE-2014-3424 are affected in GNU Emacs 24.3 | Windows |
| SUSE-SU-2015:0834-1(SUSE Linux Enterprise Desktop 11 SP3 ) emacs-22.3-4.42.1.x86_64.rpm | Linux |
| SUSE-SU-2015:0834-1(SUSE Linux Enterprise Server 11 SP3 ) emacs-el-22.3-4.42.1.x86_64.rpm | Linux |
| SUSE-SU-2015:0834-1(SUSE Linux Enterprise Desktop 11 SP3 ) emacs-info-22.3-4.42.1.x86_64.rpm | Linux |
| SUSE-SU-2015:0834-1(SUSE Linux Enterprise Server 11 SP3 ) emacs-nox-22.3-4.42.1.x86_64.rpm | Linux |
| SUSE-SU-2015:0834-1(SUSE Linux Enterprise Desktop 11 SP3 ) emacs-x11-22.3-4.42.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234