ALT-PU-2026-9453-1

BDU:2024-04783

HIGH8.8

Уязвимость функции Org-Link-Expand-ABBREV файла LISP/OL.EL текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Published: 2024-06-24Modified: 2025-11-18

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2024-05926

HIGH7.8

Уязвимость файла lib-src/etags.c компонента ctags текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Published: 2024-07-31Modified: 2025-08-18

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2024-06035

HIGH7.3

Уязвимость функции ruby-find-library-file текстового редактора EMACS, связанная с неправильной нейтрализацией специальных элементов, используемых в команде, позволяющая нарушителю выполнить произвольный код

Published: 2024-08-06

CVSS 3.xHIGH 7.3

CVSS:3.x/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C

References

BDU:2024-06036

CRITICAL9.8

Уязвимость файла lib-src/etags.c компонента etags текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Published: 2024-08-06Modified: 2025-08-18

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2024-06037

HIGH7.8

Уязвимость функции hfy-istext-command текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Published: 2024-08-06Modified: 2025-08-18

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2024-10771

CRITICAL9.8

Уязвимость функции elisp-completion-at-point() и elisp-flymake-byte-compile() режима ELisp текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Published: 2024-12-04Modified: 2026-05-31

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-04327

HIGH8.8

Уязвимость текстового редактора EMACS, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю выполнять произвольные команды

Published: 2025-04-13Modified: 2026-03-03

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-16175

MEDIUM5.5

Уязвимость реализации протокола MIME текстового редактора EMACS, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-12-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

References

BDU:2025-16176

LOW2.8

Уязвимость реализации языка разметки LaTeX текстового редактора EMACS, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-12-21

CVSS 3.xLOW 2.8

CVSS:3.x/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CVSS 2.0LOW 1.7

CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P

References

BDU:2025-16177

HIGH7.1

Уязвимость реализации режима Org текстового редактора EMACS, позволяющая нарушителю оказать влияние на целостность и доступность защищаемой информации

Published: 2025-12-21

CVSS 3.xHIGH 7.1

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CVSS 2.0MEDIUM 6.6

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:C/A:C

References

CVE-2022-45939

HIGH7.8

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Published: 2022-11-28Modified: 2026-06-17

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-48337

CRITICAL9.8

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Published: 2023-02-20Modified: 2026-06-17

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2022-48338

HIGH7.3

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.

Published: 2023-02-20Modified: 2026-06-17

CVSS 3.xHIGH 7.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-48339

HIGH7.8

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

Published: 2023-02-20Modified: 2026-06-17

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-27985

HIGH7.8

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90

Published: 2023-03-09Modified: 2026-06-17

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-27986

HIGH7.8

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

Published: 2023-03-09Modified: 2026-06-17

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2024-30202

HIGH7.8

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

Published: 2024-03-25Modified: 2026-06-17

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2024-30203

MEDIUM5.5

In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

Published: 2024-03-25Modified: 2026-06-17

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2024-30204

LOW2.8

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.

Published: 2024-03-25Modified: 2026-06-17

CVSS 3.xLOW 2.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

References

CVE-2024-30205

HIGH7.1

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

Published: 2024-03-25Modified: 2026-06-17

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

References

CVE-2024-39331

CRITICAL9.8

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

Published: 2024-06-23Modified: 2026-06-17

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2024-53920

HIGH7.8

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Published: 2024-11-27Modified: 2026-06-17

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2025-1244

HIGH8.8

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Published: 2025-02-12Modified: 2026-06-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Package update emacs in branch sisyphus_e2k

Closed issues (23)

Уязвимость функции Org-Link-Expand-ABBREV файла LISP/OL.EL текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Уязвимость файла lib-src/etags.c компонента ctags текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Уязвимость файла lib-src/etags.c компонента etags текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Уязвимость функции hfy-istext-command текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Уязвимость функции elisp-completion-at-point() и elisp-flymake-byte-compile() режима ELisp текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Уязвимость реализации протокола MIME текстового редактора EMACS, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость реализации языка разметки LaTeX текстового редактора EMACS, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость реализации режима Org текстового редактора EMACS, позволяющая нарушителю оказать влияние на целостность и доступность защищаемой информации

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Closed bugs (2)

emacsclient запускается под xwayland на wayland

Отвалилась поддержка /etc/emacs/site-start.el