VYPR
Unrated severityNVD Advisory· Published Aug 20, 2014· Updated Jun 17, 2026

CVE-2014-2524

CVE-2014-2524

Description

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

22
  • GNU/Readline15 versions
    cpe:2.3:a:gnu:readline:*:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:gnu:readline:*:*:*:*:*:*:*:*range: <=6.3
    • cpe:2.3:a:gnu:readline:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:4.2:a:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:readline:6.2:*:*:*:*:*:*:*
    • (no CPE)range: <6.3p3
  • cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
  • Mageia/Mageia2 versions
    cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE2 versions
    cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • osv-coords2 versions
    < 7.0-92.1+ 1 more
    • (no CPE)range: < 7.0-92.1
    • (no CPE)range: < 7.1.5_k4.8.13_1-3.51

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.