Lucene search

K

China National Vulnerability DatabaseCNVD-2022-85329

HistoryNov 30, 2022 - 12:00 a.m.

GNU Emacs Command Injection Vulnerability

2022-11-3000:00:00

China National Vulnerability Database

www.cnvd.org.cn

8

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

GNU Emacs is a family of text editors from the GNU community in the U.S. A command injection vulnerability exists in GNU Emacs version 28.2 and earlier, which stems from lib-src/etags.c’s use of system C library functions when implementing the ctags program. An attacker could exploit the vulnerability to execute arbitrary commands.

CPENameOperatorVersion
gnu gnu emacsle28.2

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Related for CNVD-2022-85329

nessus38 oraclelinux2 ubuntucve1 openvas25 redhatcve1 fedora2 slackware2 amazon2 cve1 debian2 prion1 osv6 almalinux2 veracode1 ubuntu1 cbl_mariner1 debiancve1 redhat5 alpinelinux1 freebsd1 mageia1 photon4 ibm1