Lucene search

[email protected]CVE-2017-14482

HistorySep 14, 2017 - 4:29 p.m.

CVE-2017-14482

2017-09-1416:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

186

cve

2017

14482

remote code execution

gnu emacs

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

91.0%

JSON

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted “Content-Type: text/enriched” data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).

CPENameOperatorVersion
gnu:emacsgnu emacsle25.2
debian:debian_linuxdebian debian linuxeq8.0

CPE	Name	Operator	Version
gnu:emacs	gnu emacs	le	25.2
debian:debian_linux	debian debian linux	eq	8.0

References

www.debian.org/security/2017/dsa-3975

www.openwall.com/lists/oss-security/2017/09/11/1

access.redhat.com/errata/RHSA-2017:2771

debbugs.gnu.org/cgi/bugreport.cgi?bug=28350

git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70

security.gentoo.org/glsa/201801-07

www.debian.org/security/2017/dsa-3970

www.gnu.org/software/emacs/index.html#Releases

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

91.0%

JSON

Related for CVE-2017-14482

nessus21 openvas35 fedora25 canvas1 suse3 ubuntu2 debian2 prion1 ibm1 redhat1 debiancve1 redhatcve1 osv4 ubuntucve1 gentoo1 amazon1 oraclelinux1 mageia1 centos1 rosalinux1