MidnightBSD

Advisories for antirez

CVE-2025-9810

TOCTOU  in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
96148269-fe82-4198-b1bf-3a73ce8bc92e 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L 2.5 4.2

Products Affected

Vendor Product Version
antirez linenoise 1.0
antirez linenoise -