Lucene search

K

ROSA LABROSA-SA-2023-2191

HistoryJul 18, 2023 - 11:16 a.m.

Advisory ROSA-SA-2023-2191

2023-07-1811:16:22

ROSA LAB

abf.rosalinux.ru

14

advisory

rosa

software

emacs

os

rosa-server79

vulnerability

command injection

arbitrary code execution

cve-2022-48339

fixed

yum update.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.1%

Software: emacs 24.3-23.
OS: rosa-server79

package_evr_string: 24.3-23.res7.1

CVE-ID: CVE-2022-48339
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir parameter come from external input, and the parameters are not escaped. If the file name or directory name contains shell metacharacters, the code can be executed.
CVE-STATUS: Fixed
CVE-REV: Run the yum update emacs command to close it

OSVersionArchitecturePackageVersionFilename
rosaanynoarchemacs< 24.3UNKNOWN

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.1%

Related for ROSA-SA-2023-2191