CVE-2008-2142

CWE-8297 documents7 sources

Severity

6.8MEDIUM

EPSS

3.0%

top 13.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Emacs

Timeline

PublishedMay 12

Latest updateMay 1

Description

Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianxemacs21-packages< 2009.02.17-1+1

▶NVDgnu/emacs21.3.1

🔴Vulnerability Details

GHSA

GHSA-6hwc-q43w-j73j: Emacs 21 and XEmacs automatically load and execute↗2022-05-01

▶

OSV

CVE-2008-2142: Emacs 21 and XEmacs automatically load and execute↗2008-05-12

▶

CVEList

CVE-2008-2142: Emacs 21 and XEmacs automatically load and execute↗2008-05-12

▶

📋Vendor Advisories

Red Hat

emacs: fast-lock-mode arbitrary lisp code execution↗2008-05-09

▶

Debian

CVE-2008-2142: xemacs21-packages - Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that a...↗2008

▶

💬Community

Bugzilla

CVE-2008-2142 emacs: fast-lock-mode arbitrary lisp code execution↗2008-05-12

▶