CVE-2024-53920

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-53920
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
https://git.savannah.gnu.org/cgit/emacs.git/tag/?h=emacs-30.0.92
https://git.savannah.gnu.org/cgit/emacs.git/tree/ChangeLog.4
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
https://news.ycombinator.com/item?id=42256409
https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg@mail.gmail.com/
Configurations

No configuration.

History

13 Mar 2025, 20:15

Type Values Removed Values Added
CWE CWE-94
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

04 Mar 2025, 22:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : unknown
CWE CWE-94

01 Mar 2025, 06:15

Type Values Removed Values Added
References
  • {'url': 'https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/', 'source': 'cve@mitre.org'}
  • () https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1 -
  • () https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg@mail.gmail.com/ -
Summary (en) In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) (en) In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
Information

Published : 2024-11-27 15:15

Updated : 2025-03-13 20:15

NVD link : CVE-2024-53920

Mitre link : CVE-2024-53920

CVE.ORG link : CVE-2024-53920

JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')