Fluid Attacks Database

Description

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	emacs	=1:27.1+1-3.1 \|\| =1:27.1+1-3.1+deb11u1 \|\| =1:27.1+1-3.1+deb11u2 \|\| =1:27.1+1-3.1+deb11u3 \|\| =1:27.1+1-3.1+deb11u4 \|\| =1:27.1+1-3.1+deb11u5 \|\| >=0 <1:27.1+1-3.1+deb11u6	1:27.1+1-3.1+deb11u6
debian 13	emacs	>=0 <1:30.1+1-1	1:30.1+1-1
debian 14	emacs	>=0 <1:30.1+1-1	1:30.1+1-1
debian 12	emacs	=1:28.2+1-15 \|\| =1:28.2+1-15+deb12u1 \|\| =1:28.2+1-15+deb12u2 \|\| =1:28.2+1-15+deb12u3 \|\| >=0 <1:28.2+1-15+deb12u4	1:28.2+1-15+deb12u4
rpm rhel7	emacs	-	-
rpm rhel9.4	emacs	<1:27.2-10.el9_4.2	1:27.2-10.el9_4.2
rpm rhel9.2	emacs	<1:27.2-8.el9_2.3	1:27.2-8.el9_2.3
rpm rhel6	emacs	-	-
rpm rhel9	emacs	<1:27.2-14.el9_6.2	1:27.2-14.el9_6.2
rpm rhel8	emacs	<1:26.1-15.el8_10	1:26.1-15.el8_10

Aliases

1. CVE-2024-539202. NVD-2024-539203. OSV-DEBIAN-2024-539204. OSV-2024-539205. SECURITY-TRACKER-CVE-2024-53920

References

1. https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg@mail.gmail.com/2. https://news.ycombinator.com/item?id=422564093. https://git.savannah.gnu.org/cgit/emacs.git/tag/?h=emacs-30.0.924. https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.