CVE-2023-2491

CWE-77Command Injection5 documents5 sources
Severity
7.8HIGH
EPSS
0.1%
top 76.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
GNU EmacsRedhat Enterprise LinuxRedhat Enterprise Linux EUS+2 more
Timeline
PublishedMay 17
Latest updateMay 18

Description

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5emacsAffects emacs v26.1-9.el8 and emacs v27.2-8.el9, Fixed in emacs v26.1-10.el8_8.2 and emacs v27.2-8.el9_2.1
NVDgnu/emacs26.1-9.el8, 27.2-8.el9+1

Also affects: Enterprise Linux 8.0, 9.0, 8.8, 9.2

🔴Vulnerability Details

2
GHSA
GHSA-2hj6-9wp7-hvmh: A flaw was found in the Emacs text editor2023-05-18
CVEList
CVE-2023-2491: A flaw was found in the Emacs text editor2023-05-17

📋Vendor Advisories

2
Red Hat
emacs: Regression of CVE-2023-28617 fixes in the Red Hat Enterprise Linux2023-05-09
Debian
CVE-2023-2491: emacs - A flaw was found in the Emacs text editor. Processing a specially crafted org-mo...2023
CVE-2023-2491 (HIGH CVSS 7.8) | A flaw was found in the Emacs text | cvebase.io