A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline() function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the nano application.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Nano | Gnu | 8.7 (including) | 8.7 (including) |
| Openshift_container_platform | Redhat | 4.0 (including) | 4.0 (including) |
| Enterprise_linux | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux | Redhat | 8.0 (including) | 8.0 (including) |
| Enterprise_linux | Redhat | 9.0 (including) | 9.0 (including) |
| Enterprise_linux | Redhat | 10.0 (including) | 10.0 (including) |
| Nano | Ubuntu | esm-infra/xenial | * |
| Nano | Ubuntu | jammy | * |
| Nano | Ubuntu | noble | * |
| Nano | Ubuntu | questing | * |
| Nano | Ubuntu | resolute | * |