Unrated severity · NVD Advisory · Published Jun 12, 2024 · Updated Nov 21, 2025
Nano: running `chmod` and `chown` on the filename allows a malicious user to replace the emergency file with a malicious symlink to a root-owned file
CVE-2024-5742
Description
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, it saves the buffer to an emergency file with the permissions of the running user, which provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
Affected products (8)
- osv-coords (6 versions): < 2.9.8-3.el8_10 + 5 more
  - pkg:rpm/almalinux/nano
  - pkg:rpm/opensuse/nano&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/nano&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/nano&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/nano&distro=SUSE%20Package%20Hub%2015%20SP5
  - pkg:rpm/suse/nano&distro=SUSE%20Package%20Hub%2015%20SP6
- (no CPE) range: < 2.9.8-3.el8_10
- (no CPE) range: < 7.2-bp156.3.3.1
- (no CPE) range: < 7.2-bp156.3.3.1
- (no CPE) range: < 8.0-2.1
- (no CPE) range: < 7.2-bp156.3.3.1
- (no CPE) range: < 7.2-bp156.3.3.1
References (4)
- access.redhat.com/errata/RHSA-2024:6986 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:9430 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2024-5742 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)