CVE-2024-53920

NameCVE-2024-53920
DescriptionIn elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1088690

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
emacs (PTS)bullseye (security), bullseye1:27.1+1-3.1+deb11u5vulnerable
bookworm, bookworm (security)1:28.2+1-15+deb12u3vulnerable
sid, trixie1:29.4+1-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
emacssource(unstable)(unfixed)1088690

Notes

[bookworm] - emacs <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - emacs <postponed> (Minor issue, revisit when fixed upstream)
https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/

Search for package or bug name: Reporting problems