Emacs Lisp Code Injection in Emacs 28.1 to 28.2
CVE-2023-27986

7.8HIGH

Key Information:

Vendor: Gnu
Status: Emacs
Vendor: CVE Published:; 9 March 2023

Summary

The emacsclient-mail.desktop file in Emacs versions 28.1 and 28.2 is susceptible to code injection attacks via specially crafted mailto: URIs containing unescaped double-quote characters. This vulnerability enables potential attackers to execute arbitrary Emacs Lisp code, compromising user systems. The issue has been addressed in Emacs version 29.0.90, making it essential for users of the affected versions to update promptly to enhance their security posture.

References

https://www.openwall.com/lists/oss-security/2023/03/08/2

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emac...

http://www.openwall.com/lists/oss-security/2023/03/09/1

mailing-list

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2023
Vulnerability Reserved
Mar 9, 2023