CVE-2012-0035

8 documents6 sources

Severity

9.3CRITICAL

EPSS

4.0%

top 11.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eric M Ludlam Cedet GNU Emacs

Timeline

PublishedJan 19

Latest updateMay 4

Description

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDgnu/emacs23.3+21

▶NVDeric_m_ludlam/cedet1.0+1

Patches

Patch: lists.gnu.org ↗Patch: openwall.com ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-hw9p-49fv-hhp6: Untrusted search path vulnerability in EDE in CEDET before 1↗2022-05-04

▶

CVEList

CVE-2012-0035: Untrusted search path vulnerability in EDE in CEDET before 1↗2012-01-19

▶

📋Vendor Advisories

Ubuntu

Emacs vulnerabilities↗2012-09-27

▶

Red Hat

emacs: CEDET global-ede-mode file loading vulnerability↗2012-01-09

▶

💬Community

Bugzilla

CVE-2012-0035 emacs: CEDET global-ede-mode file loading vulnerability [fedora-all]↗2012-01-10

▶

Bugzilla

CVE-2012-0035 emacs: CEDET global-ede-mode file loading vulnerability↗2012-01-10

▶

Bugzilla

CVE-2012-0035 emacs: CEDET global-ede-mode file loading vulnerability [fedora-all]↗2012-01-10

▶