GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:54
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
01 Mar 2023, 14:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux Fedoraproject Fedoraproject fedora |
|
References | (MISC) https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 - Patch | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/12/msg00046.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2023/dsa-5314 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOXIH2FDEQJEAARE52C3GHTLGQFBYPIB/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOSK3J7BBAEI4IITW2DRUKLQYUZYKH6Y/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
12 Jan 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jan 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jan 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Dec 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Dec 2022, 19:48
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:* | |
References | (MISC) https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 - Mailing List, Patch, Vendor Advisory | |
First Time |
Gnu
Gnu emacs |
28 Nov 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-28 06:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45939
Mitre link : CVE-2022-45939
CVE.ORG link : CVE-2022-45939
JSON object : View
Products Affected
gnu
- emacs
fedoraproject
- fedora
debian
- debian_linux
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')