CVE-2023-2491

Published: May 17, 2023Modified: Jan 22, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

Affected (9)

Products: Gnu: Emacs · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus

1 product

4 products

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gnu Emacs	Version 26.1-9.el8
Gnu Emacs	Version 27.2-8.el9

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0
Redhat Enterprise Linux Eus	Version 8.8
Redhat Enterprise Linux Eus	Version 9.2
Redhat Enterprise Linux Server Aus	Version 8.8
Redhat Enterprise Linux Server Aus	Version 9.2
Redhat Enterprise Linux Server Tus	Version 8.8