Lucene search

Veracode Vulnerability DatabaseVERACODE:46240

HistoryApr 05, 2024 - 10:36 p.m.

Arbitrary Code Execution

2024-04-0522:36:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

emacs

org mode

vulnerability

arbitrary code execution

software

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

emacs is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of proper validation of user input during the activation process of Org mode in Emacs, allowing the execution of arbitrary Lisp code during the activation process.

CPENameOperatorVersion
emacs:sideq1:27.1+1-3
org-mode:sideq9.4.0+dfsg-1
emacs:sideq1:27.1+1-3
org-mode:sideq9.4.0+dfsg-1
emacs:bookwormeq1:27.1+1-3.1

Name	Operator	Version
emacs:sid	eq	1:27.1+1-3
org-mode:sid	eq	9.4.0+dfsg-1
emacs:sid	eq	1:27.1+1-3
org-mode:sid	eq	9.4.0+dfsg-1
emacs:bookworm	eq	1:27.1+1-3.1

References

www.openwall.com/lists/oss-security/2024/03/25/2

www.openwall.com/lists/oss-security/2024/04/08/6

git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb

git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29

git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9

security-tracker.debian.org/tracker/CVE-2024-30202