Advisory ROSA-SA-2024-2433

software: emacs 28.1
WASP: ROSA-CHROME

package_evr_string: emacs-28.1-5

CVE-ID: CVE-2022-48339
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: A problem was discovered in GNU Emacs. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir parameter come from external input, and the parameters are not escaped. If the file or directory name contains shell metacharacters, code can be executed
CVE-STATUS: Eliminated
CVE-REV: To close, run the command: sudo dnf update emacs

CVE-ID: CVE-2022-48338
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: The problem was found in GNU Emacs. In Ruby-mode.el, the Ruby-find-library-file function has a local command injection vulnerability. The Ruby-find-library-file function is an interactive function and is bound to C-c C-f. Within the function, the external command gem is invoked via the shell command line, but the function name parameters are not escaped. Thus, malicious Ruby source files can cause commands to be executed.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update emacs

CVE-ID: CVE-2022-45939
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: GNU Emacs allows attackers to execute commands via shell metacharacters in the source file name because lib-src/etags.c uses a C system library function in its implementation of the ctags program. For example, a victim might use the “ctags *” command (suggested in the ctags documentation) in a situation where the contents of the current working directory depend on unreliable input.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update emacs

CVE-ID: CVE-2022-48337
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: GNU Emacs allows attackers to execute commands using shell metacharacters in the source file name, because lib-src
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update emacs