CVE-2010-1160
EPSS 0.04%
Description
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
How to fix CVE-2010-1160
To remediate CVE-2010-1160, upgrade the affected package to a fixed version below.
- Debian/nano—upgrade to 2.2.4-1 or later
Is CVE-2010-1160 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.4-1