Unrated severity · NVD Advisory · Published Aug 20, 2014 · Updated May 6, 2026
CVE-2014-2524
Description
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
Affected products
- cpe:2.3:a:gnu:readline:*:*:*:*:*:*:*:* (range: <=6.3)
- cpe:2.3:a:gnu:readline:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:4.2:a:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:readline:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
References
- lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html (NVD: Patch, Vendor Advisory)
- advisories.mageia.org/MGASA-2014-0319.html (NVD: Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html (NVD: Third Party Advisory)
- seclists.org/oss-sec/2014/q1/579 (NVD: Mailing List, Third Party Advisory)
- seclists.org/oss-sec/2014/q1/587 (NVD: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html (NVD: Third Party Advisory)
- www.mandriva.com/security/advisories (NVD: Broken Link)
- bugzilla.redhat.com/show_bug.cgi (NVD: Issue Tracking)