Description
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the C library function system() in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.
A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file.
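An added example, not code from lib-src/etags.c or from this advisory: the general defence against this bug class is to start helper programs with an argument vector rather than a system() command string, so that no shell ever parses the file name. The names has_shell_meta and run_no_shell and the sample file name are hypothetical, constructed for this illustration.

```c
/* Added example; not code from lib-src/etags.c. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if name contains a character that /bin/sh would interpret
   when the name is pasted unquoted into a system() command string. */
int has_shell_meta(const char *name)
{
    static const char meta[] = " \t\n;&|<>()$`\\\"'*?[]{}~#!";
    return name[strcspn(name, meta)] != '\0';
}

/* Runs argv[0] with the given argument vector and returns its exit
   status, or -1 on failure. No shell is involved, so each argv element
   reaches the program as one argument, byte for byte. */
int run_no_shell(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);               /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample name: harmless, but it carries ';' and a space. */
    char name[] = "/tmp/etags_demo;echo INJECTED.c";
    char *argv[] = { "test", "-f", name, NULL };
    FILE *f = fopen(name, "w");

    if (f)
        fclose(f);
    printf("metacharacters present: %d\n", has_shell_meta(name));
    printf("test -f exit status:    %d\n", run_no_shell(argv));
    remove(name);
    return 0;
}
```

The check in has_shell_meta is useful for auditing a directory before running a tool that is known to shell out; it is not a substitute for removing the shell from the call path.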
Report
This vulnerability is only triggered when a local user introduces untrusted input, via a file with a crafted name. For this reason, this flaw has been rated with a Moderate security impact.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | emacs | Out of support scope | ||
Red Hat Enterprise Linux 7 | emacs | Will not fix | ||
Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2023:7083 | 14.11.2023 |
Red Hat Enterprise Linux 8.6 Extended Update Support | emacs | Fixed | RHSA-2024:1103 | 05.03.2024 |
Red Hat Enterprise Linux 8.8 Extended Update Support | emacs | Fixed | RHSA-2024:1408 | 19.03.2024 |
Red Hat Enterprise Linux 9 | emacs | Fixed | RHSA-2023:2626 | 09.05.2023 |
Additional information
Status:
7.3 High
CVSS3