CVE-2022-45939

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GNU Emacs versions through 28.2

Description The issue is related to the incorrect neutralization of special elements in the lib-src/etags.c component of the ctags program in the EMACS text editor. This can allow an attacker to execute commands via shell metacharacters in the name of a source-code file. For example, a victim may use the "ctags *" command in a situation where the current working directory has contents that depend on untrusted input.

Recommendations For GNU Emacs versions through 28.2, consider avoiding the use of the "ctags *" command in situations where the current working directory has contents that depend on untrusted input, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

ALSA-2023:2366

ALSA-2023:3042

ALT-PU-2023-5762

AZL-11515

BDU:2024-05926

CESA-2023_3042

CVE-2022-45939

DLA-3257-1

DSA-5314-1

MGASA-2022-0457

OESA-2022-2131

OPENSUSE-SU-2022_4304-1

OPENSUSE-SU-2022_4310-1

OPENSUSE-SU-2024:12541-1

RHSA-2023:2366

RHSA-2023:3042

RHSA-2023_2366

RHSA-2023_3042

RHSA-2024:1103

ROSA-SA-2024-2433

SUSE-SU-2022:4304-1

SUSE-SU-2022:4305-1

SUSE-SU-2022:4310-1

SUSE-SU-2022_4304-1

SUSE-SU-2022_4305-1

SUSE-SU-2022_4310-1

USN-5781-1

USN-7027-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Gnu Emacs

Linuxmint

Red Hat

Red Os

Suse

Ubuntu

CVE-2022-45939

Weakness Enumeration

Related Identifiers

Affected Products

References · 67