CVE-2023-27986

Published: Mar 9, 2023Modified: Mar 5, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

Affected (1)

Products: Gnu: Emacs

Gnu

1 product

Emacs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Emacs	From 28.1 to 28.2

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc

Source: cve@mitre.org

Issue TrackingPatch

http://www.openwall.com/lists/oss-security/2023/03/09/1

Source: cve@mitre.org

Mailing ListPatch

https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/

Source: cve@mitre.org

https://www.openwall.com/lists/oss-security/2023/03/08/2

Source: cve@mitre.org

Mailing ListPatch

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

http://www.openwall.com/lists/oss-security/2023/03/09/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.openwall.com/lists/oss-security/2023/03/08/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

Timeline

No history available yet.