CVE-2014-2893
23.04.2014, 15:55
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.1 |
| llvm | clang | 𝑥 ≤ 3.5 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| llvm-toolchain-3.2 |
| ||||||||||||||||||||||||||||||
| llvm-toolchain-3.3 |
| ||||||||||||||||||||||||||||||
| llvm-toolchain-3.4 |
| ||||||||||||||||||||||||||||||
| llvm-toolchain-3.5 |
| ||||||||||||||||||||||||||||||
| llvm-toolchain-3.6 |
| ||||||||||||||||||||||||||||||
| llvm-toolchain-snapshot |
|
References