CVE-2014-2524 in GNU readline
Summary
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
Reservation
03/17/2014
Disclosure
08/20/2014
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 70680 | GNU readline Trace util.c _rl_tropen link following | 59 | Not defined | Official fix | CVE-2014-2524 |