CVE-2022-45939

7.8HIGH

Key Information

Vendor: Gnu
Status: Emacs
Vendor: CVE Published:; 28 November 2022

Summary

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 28, 2022
Vulnerability Reserved.
Nov 28, 2022

Collectors

NVD DatabaseMitre Database