CVE-2014-3423

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*
cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-05-08 10:55

Updated : 2024-02-28 12:20


NVD link : CVE-2014-3423

Mitre link : CVE-2014-3423

CVE.ORG link : CVE-2014-3423


JSON object : View

Products Affected

mageia_project

  • mageia

gnu

  • emacs
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')