#VU87807 Use of Potentially Dangerous Function in Emacs - CVE-2024-30202

Cybersecurity Help s.r.o.

Published: 2024-03-26

Vulnerability identifier: #VU87807

Vulnerability risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-30202

CWE-ID: CWE-676

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Emacs
Client/Desktop applications / Office applications

Vendor: GNU

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to usage of dangerous method when processing untrusted files. A remote attacker can trick the victim to open a specially crafted document and execute arbitrary Lisp code as part of turning on Org mode.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Emacs: 29.0.90 - 29.2

External links
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Anolis OS update for emacs

Ubuntu update for org-mode

Amazon Linux AMI update for emacs

Oracle Solaris update for thrid-party components

Gentoo update for GNU Emacs, Org Mode

Fedora 38 update for emacs

Fedora 39 update for emacs

Fedora 40 update for emacs

Multiple vulnerabilities in GNU Emacs