UBUNTU-CVE-2014-2524

Source
https://ubuntu.com/security/CVE-2014-2524
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-2524.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-2524
Upstream
  • CVE-2014-2524
Published
2014-08-20T14:55:00Z
Modified
2026-04-22T09:37:34.870953Z
Severity
  • Ubuntu - negligible
Summary
[none]
Details

The rltropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

References

Affected packages

Ubuntu:14.04:LTS / readline6

Package

Name
readline6
Purl
pkg:deb/ubuntu/readline6@6.3-4ubuntu2?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*
6.2-9ubuntu1
6.3-1ubuntu1
6.3-1ubuntu2
6.3-4ubuntu1
6.3-4ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "lib32readline6",
            "binary_version": "6.3-4ubuntu2"
        },
        {
            "binary_name": "lib64readline6",
            "binary_version": "6.3-4ubuntu2"
        },
        {
            "binary_name": "libreadline6",
            "binary_version": "6.3-4ubuntu2"
        },
        {
            "binary_name": "libx32readline6",
            "binary_version": "6.3-4ubuntu2"
        },
        {
            "binary_name": "readline-common",
            "binary_version": "6.3-4ubuntu2"
        },
        {
            "binary_name": "rlfe",
            "binary_version": "6.3-4ubuntu2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-2524.json"