CVE-2024-53920

NameCVE-2024-53920
DescriptionIn elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4069-1, DSA-5871-1
Debian Bugs1088690

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
emacs (PTS)bullseye1:27.1+1-3.1+deb11u5vulnerable
bullseye (security)1:27.1+1-3.1+deb11u6fixed
bookworm, bookworm (security)1:28.2+1-15+deb12u4fixed
trixie1:30.1+1-4fixed
sid1:30.1+1-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
emacssourcebullseye1:27.1+1-3.1+deb11u6DLA-4069-1
emacssourcebookworm1:28.2+1-15+deb12u4DSA-5871-1
emacssource(unstable)1:30.1+1-11088690

Notes

https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/
Search for package or bug name: Reporting problems