Lucene search

K
redosRedosROS-20240806-06
HistoryAug 06, 2024 - 12:00 a.m.

ROS-20240806-06

2024-08-0600:00:00
redos.red-soft.ru
3
emacs
text editor
vulnerability
ruby-find-library-file
etags.c
hfy-istext-command
special elements
arbitrary code
os command
exploit
remote execution
parameters
external input
unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.004

Percentile

73.8%

Vulnerability of ruby-find-library-file function of EMACS text editor is related to incorrect neutralization of special elements.
neutralization of special elements. Exploitation of the vulnerability could allow an attacker to execute
arbitrary code

Vulnerability in the lib-src/etags.c file of the etags component of the EMACS text editor is related to incorrect neutralization of special elements used in the EMACS text editor.
neutralization of special elements used in the OS command. Exploitation of the vulnerability could allow
an attacker acting remotely to execute arbitrary code

Vulnerability in the hfy-istext-command function of the EMACS text editor is related to the use of the parameters
file and srcdir parameters taken from external input, and the parameters themselves are not escaped. Exploitation of the vulnerability
could allow an attacker to execute arbitrary code

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64emacs<ย 25.0.92-7UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.004

Percentile

73.8%