Описание
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.
Отчет
To exploit this flaw, an attacker needs to trick a user into opening an Emacs Lisp source code file with a crafted macro definition. Additionally, the user must have elisp-completion-at-point configured or automatic error checking enabled.
For these reasons, this flaw has been rated with a Moderate severity.
Меры по смягчению последствий
Do not open or view untrusted Emacs Lisp source code files. Disabling auto-completion features and automatic error checking such as Flymake or Flycheck in untrusted Emacs Lisp source code files will mitigate this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | emacs | Out of support scope | ||
| Red Hat Enterprise Linux 7 | emacs | Out of support scope | ||
| Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2025:11030 | 15.07.2025 |
| Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2025:11030 | 15.07.2025 |
| Red Hat Enterprise Linux 9 | emacs | Fixed | RHSA-2025:4787 | 12.05.2025 |
| Red Hat Enterprise Linux 9 | emacs | Fixed | RHSA-2025:9448 | 24.06.2025 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | emacs | Fixed | RHSA-2025:4794 | 12.05.2025 |
| Red Hat Enterprise Linux 9.4 Extended Update Support | emacs | Fixed | RHSA-2025:4793 | 12.05.2025 |
| Red Hat Discovery 2 | discovery/discovery-server-rhel9 | Fixed | RHSA-2025:11487 | 21.07.2025 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invok ...
EPSS
7.8 High
CVSS3