CVE-2009-0314

EUVD-2009-0318
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
gnomelibpeas
𝑥
< 0.5.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gedit
bookworm
44.2-1
fixed
bullseye
3.38.1-1
fixed
etch
no-dsa
sid
46.2-3
fixed
trixie
46.2-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gedit
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
http://bugzilla.gnome.org/show_bug.cgi?id=569214
http://secunia.com/advisories/33759
http://secunia.com/advisories/33769
http://secunia.com/advisories/34522
http://security.gentoo.org/glsa/glsa-200903-41.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:039
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.securityfocus.com/bid/33445
https://bugzilla.redhat.com/show_bug.cgi?id=481556
https://exchange.xforce.ibmcloud.com/vulnerabilities/48271
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01195.html
http://bugzilla.gnome.org/show_bug.cgi?id=569214
http://secunia.com/advisories/33759
http://secunia.com/advisories/33769
http://secunia.com/advisories/34522
http://security.gentoo.org/glsa/glsa-200903-41.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:039
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.securityfocus.com/bid/33445
https://bugzilla.redhat.com/show_bug.cgi?id=481556
https://exchange.xforce.ibmcloud.com/vulnerabilities/48271
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01195.html