CVE-2022-45939

Public on 2022-11-28
Modified on 2024-01-12
Description

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c calls the C library function system() in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
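As a pre-flight check on hosts where the fixed emacs package is not yet installed, the following added example (not part of the advisory or of Emacs) lists the names that "ctags *" would receive from a directory and that contain anything outside a conservative allowlist. The function name `risky_names` and the allowlist itself are assumptions made for this example; non-ASCII names are flagged as well.

```shell
#!/bin/sh
# Added example, not from the advisory: flag file names that "ctags *"
# would pass to an unpatched ctags and that contain characters outside
# a conservative allowlist (letters, digits, '.', '_', '+', '-').
# The allowlist is an assumption of this example, not an official list.

LC_ALL=C; export LC_ALL   # byte-wise bracket ranges, independent of locale

# risky_names DIR
#   Prints one flagged name per line.
#   Returns 0 if every name is within the allowlist, 1 otherwise.
risky_names() {
    dir=${1:-.}
    rc=0
    # "$dir"/* mirrors the expansion of "ctags *": dotfiles are skipped.
    for path in "$dir"/*; do
        # An empty directory leaves the pattern unexpanded; skip it.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        case $name in
            *[!A-Za-z0-9._+-]*)
                printf '%s\n' "$name"
                rc=1
                ;;
        esac
    done
    return $rc
}
```

A non-zero return means at least one name needs review before ctags is run in that directory, for example in a tree unpacked from an archive of unknown origin.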

Severity
Important
CVSS v3 Base Score
7.8

Affected Packages

| Platform | Package | Release Date | Advisory |
|---|---|---|---|
| Amazon Linux 1 | emacs | 2023-03-30 22:50 | ALAS-2023-1712 |
| Amazon Linux 2 - Core | emacs | 2023-01-30 16:03 | ALAS2-2023-1928 |
| Amazon Linux 2023 | emacs | 2023-03-06 17:50 | ALAS2023-2023-122 |
| Amazon Linux 2023 | emacs | 2023-02-17 20:48 | ALAS2023-2023-108 |

CVSS Scores

| Score Type | Score | Vector |
|---|---|---|
| Amazon Linux CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |