Ed
by GNU
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5357 | Hig | 0.49 | 7.5 | 0.01 | Feb 17, 2017 | regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. | |
| CVE-2008-3916 | 0.00 | — | 0.05 | Sep 4, 2008 | Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component. | ||
| CVE-2006-6939 | 0.00 | — | 0.00 | Jan 17, 2007 | GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | ||
| CVE-2000-1137 | 0.00 | — | 0.00 | Jan 9, 2001 | GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. |
- risk 0.49cvss 7.5epss 0.01
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
- CVE-2008-3916Sep 4, 2008risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
- CVE-2006-6939Jan 17, 2007risk 0.00cvss —epss 0.00
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
- CVE-2000-1137Jan 9, 2001risk 0.00cvss —epss 0.00
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.