LAYER: meta
PACKAGE NAME: ed
PACKAGE VERSION: 1.20.2
CVE: CVE-2000-1137
CVE STATUS: Patched
CVE SUMMARY: GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1137

LAYER: meta
PACKAGE NAME: ed
PACKAGE VERSION: 1.20.2
CVE: CVE-2006-6939
CVE STATUS: Patched
CVE SUMMARY: GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6939

LAYER: meta
PACKAGE NAME: ed
PACKAGE VERSION: 1.20.2
CVE: CVE-2008-3916
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename.  NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3916

LAYER: meta
PACKAGE NAME: ed
PACKAGE VERSION: 1.20.2
CVE: CVE-2017-5357
CVE STATUS: Patched
CVE SUMMARY: regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5357