High severity7.8NVD Advisory· Published Feb 9, 2018· Updated Jun 17, 2026
CVE-2014-3219
CVE-2014-3219
Description
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords3 versionspkg:rpm/opensuse/fish3&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/fish3&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/fish&distro=openSUSE%20Tumbleweed
< 3.0.0-lp150.3.1+ 2 more
- (no CPE)range: < 3.0.0-lp150.3.1
- (no CPE)range: < 3.0.0-lp151.2.1
- (no CPE)range: < 2.4.0-1.1
Patches
Vulnerability mechanics
References
10- www.openwall.com/lists/oss-security/2014/05/06/3nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2014/09/28/8nvdMailing ListPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryVDB Entry
- github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355cenvdPatchThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.htmlnvdThird Party Advisory
- security.gentoo.org/glsa/glsa-201412-49.xmlnvdThird Party Advisory
- www.securityfocus.com/bid/67115nvdThird Party AdvisoryVDB Entry
- github.com/fish-shell/fish-shell/issues/1440nvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00059.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00071.htmlnvd
News mentions
0No linked articles in our index yet.