CVE-2008-3949 — Code Injection in Xemacs21

CWE-94 — Code Injection5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 77.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Xemacs21

Timeline

PublishedSep 22

Latest updateMay 2

Description

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶debiandebian/xemacs21

🔴Vulnerability Details

GHSA

GHSA-9pv8-whmh-9q87: emacs/lisp/progmodes/python↗2022-05-02

▶

📋Vendor Advisories

Red Hat

emacs: Python interactive shell arbitrary code execution↗2008-08-24

▶

Debian

CVE-2008-3949: xemacs21 - emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from...↗2008

▶

💬Community

Bugzilla

CVE-2008-3949 emacs: Python interactive shell arbitrary code execution↗2008-09-18

▶