CVE-2007-6109 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Xemacs21

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

10.0CRITICALNVD

EPSS

3.0%

top 13.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Xemacs21 Msrc CBL Mariner 2.0 ARM Msrc CBL Mariner 2.0 X64

Timeline

PublishedDec 7

Latest updateJun 14

Description

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xemacs21< xemacs21 21.4.21-4 (bookworm)

▶msrcmsrc/cbl_mariner_2.0_arm

▶msrcmsrc/cbl_mariner_2.0_x64

🔴Vulnerability Details

GHSA

GHSA-2gmr-48xr-j34m: Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified oth↗2022-05-01

▶

OSV

CVE-2007-6109: Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified oth↗2007-12-07

▶

📋Vendor Advisories

Microsoft

CVE-2007-6109: NIST NVD Details: https://nvd↗2022-06-14

▶

Ubuntu

Emacs vulnerabilities↗2008-05-06

▶

Red Hat

Emacs buffer overflows↗2007-12-07

▶

Debian

CVE-2007-6109: xemacs21 - Stack-based buffer overflow in emacs allows user-assisted attackers to cause a d...↗2007

▶

💬Community

Bugzilla

CVE-2007-6109 Emacs buffer overflows↗2007-12-07

▶