VDB
DEBIAN-CVE-2024-5742
DEBIAN-CVE-2024-5742
PUBLISHED
CVSS 6.699999809265137 MEDIUM
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
Risk Scores
CVSS v3.1
6.699999809265137
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | nano | 5.4-2, 0, 5.4-2+deb11u2 |
| Debian:14 | nano | 0, 0 |
| Debian:13 | nano | 0, 0 |
| Debian:12 | nano | 0, 7.2-1, 0 |
Timeline
- Jun 12, 2024 CVE Published
- Apr 28, 2026 CVE Updated