CVE-2014-2524

NONE
Published Aug 20, 2014 11y ago
Last Modified Jun 17, 2026 2w ago

Description

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-59

Affected Products 19

Vendor         Product    Version  Range
mageia         mageia     3.0      any
mageia         mageia     4.0      any
gnu            readline   *        ≤6.3
gnu            readline   2.1      any
gnu            readline   2.2      any
gnu            readline   4.0      any
gnu            readline   4.1      any
gnu            readline   4.2      any
gnu            readline   4.2      any
gnu            readline   4.3      any
gnu            readline   5.0      any
gnu            readline   5.1      any
gnu            readline   5.2      any
gnu            readline   6.0      any
gnu            readline   6.1      any
gnu            readline   6.2      any
opensuse       opensuse   12.3     any
opensuse       opensuse   13.1     any
fedoraproject  fedora     20       any

References 9

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0319.html
    Third Party Advisory
  • lists.gnu.org http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
    Patch, Vendor Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html
    Third Party Advisory
  • seclists.org http://seclists.org/oss-sec/2014/q1/579
    Mailing List, Third Party Advisory
  • seclists.org http://seclists.org/oss-sec/2014/q1/587
    Mailing List, Third Party Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2014:154
    Broken Link
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:132
    Broken Link
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1077023
    Issue Tracking
  • lists.fedoraproject.org https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html
    Third Party Advisory

Remediation

  • lists.gnu.org http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
    Patch, Vendor Advisory