{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-08T13:57:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"name": "MDVSA-2015:117", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}, {"name": "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3422", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"name": "MDVSA-2015:117", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"name": "http://advisories.mageia.org/MGASA-2014-0250.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", "refsource": "CONFIRM", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}, {"name": "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:43:05.616Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"name": "MDVSA-2015:117", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}, {"name": "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3422", "datePublished": "2014-05-08T10:00:00.000Z", "dateReserved": "2014-05-07T00:00:00.000Z", "dateUpdated": "2024-08-06T10:43:05.616Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BAE0411-D27E-49B6-8F8B-972A2E9985FC", "versionEndIncluding": "24.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*", "matchCriteriaId": "7731A395-328A-4435-A388-1419224A4256", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "05BDDB87-0AFF-4BDC-995A-94F221ED3641", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4389884-70D2-4915-80A7-CFA4A420A024", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E9FE5-E87C-440B-A16E-327501BC8977", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "37E5A757-C2C8-49D4-AFCD-156CCF4B7262", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1D047EC-2354-430D-B44C-FE8574F7617B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*", "matchCriteriaId": "99B66AEA-D831-4A17-A7D6-4DEDA28985C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*", "matchCriteriaId": "944A2F7B-375B-4466-8A98-934123C209FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*", "matchCriteriaId": "123EF408-7950-4856-8A8D-B5553A0FFF58", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9948287-D8A4-4B29-9240-FCD25E73B00D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECC26DAB-A671-47BE-84DD-AD0A4CF72079", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "38737529-7787-45AD-81FB-8571789BAEDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/."}, {"lang": "es", "value": "lisp/emacs-lisp/find-gc.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un archivo temporal bajo /tmp/esrc/."}], "id": "CVE-2014-3422", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-08T10:55:05.310", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"source": "cve@mitre.org", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}, {"source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "emacs: multiple temporary file issues", "id": "1095586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095586"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-377", "details": ["lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/."], "name": "CVE-2014-3422", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-05-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3422\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3422"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

{}