Published: 28/11/2022 Updated: 07/11/2023

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

GNU Emacs up to and including 28.2 allows malicious users to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu emacs
debian debian linux 10.0
debian debian linux 11.0
fedoraproject fedora 36
fedoraproject fedora 37

Debian Bug report logs - #1025009 emacs: CVE-2022-45939: ctags local command execute vulnerability Package: src:emacs; Maintainer for src:emacs is Rob Browning <rlb@defaultvalueorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 28 Nov 2022 18:42:02 UTC Severity: important Tags: security, upstream ...

Synopsis Moderate: emacs security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for emacs is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as hav ...

Synopsis Moderate: emacs security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for emacs is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as hav ...

It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands For the stable distribution (bullseye), this problem has been fixed in version 1:271+1-31+deb11u1 We recommend that you upgrade your emacs packages For the detailed security status of emacs please refer to ...

GNU Emacs through 282 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etagsc uses the system C library function in its implementation of the ctags program For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current wor ...

DescriptionA flaw was found in Etags, the Ctags implementation of Emacs A file with a crafted filename may result in arbitrary command execution when processed by EtagsA flaw was found in Etags, the Ctags implementation of Emacs A file with a crafted filename may result in arbitrary command execution when processed by Etags ...

GNU Emacs through 282 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etagsc uses the system C library function in its implementation of the ctags program For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current wor ...

CWE-78 https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 https://lists.debian.org/debian-lts-announce/2022/12/msg00046.html https://www.debian.org/security/2023/dsa-5314 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GOXIH2FDEQJEAARE52C3GHTLGQFBYPIB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOSK3J7BBAEI4IITW2DRUKLQYUZYKH6Y/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025009 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5314

CVE-2022-45939

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect