Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5795

7 documents7 sources
Severity
6.3MEDIUM
EPSS
1.2%
top 21.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Emacs
Timeline
PublishedNov 2
Latest updateMay 1

Description

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

CVSS vector

AV:L/AC:M/C:N/I:C/A:CExploitability: 3.4 | Impact: 9.2

Affected Packages1 packages

NVDgnu/emacs22.1

🔴Vulnerability Details

2
GHSA
GHSA-qf2q-r4v7-rv34: The hack-local-variables function in Emacs before 222022-05-01
CVEList
CVE-2007-5795: The hack-local-variables function in Emacs before 222007-11-02

💥Exploits & PoCs

1
Exploit-DB
GNU Emacs 22.1 - Local Variable Handling Code Execution2007-11-02

📋Vendor Advisories

2
Ubuntu
Emacs vulnerability2007-11-13
Red Hat
emacs insufficient safe mode checks2007-11-02

💬Community

1
Bugzilla
CVE-2007-5795 emacs insufficient safe mode checks2007-11-05
CVE-2007-5795 (MEDIUM CVSS 6.3) | The hack-local-variables function i | cvebase.io