CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion

From:	Eshel Yaron
Subject:	CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion
Date:	Wed, 27 Nov 2024 08:02:35 +0100
User-agent:	Gnus/5.13 (Gnus v5.13)

Hi all,

I've just published an advisory regarding an arbitrary code execution
vulnerability in Emacs, which has been assigned CVE-2024-53920:

https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html

The vulnerability itself is not new and it has been brought up in the
past (as I learned from Stefan K. after reporting this issue privately),
but no CVE has been assigned previously.  I tried to spell out the issue
in clear and simple terms in this advisory, if someone spots a mistake
or something that deserves further clarification, please let me know.


Best regards and safe hacking,

Eshel

[Prev in Thread]

Current Thread

[Next in Thread]

CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion, Eshel Yaron <=
- Re: CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion, Daniel Radetsky, 2024/11/27
  - Re: CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion, Eshel Yaron, 2024/11/27
    - Re: CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion, Daniel Radetsky, 2024/11/27

Prev by Date: Re: igc: trying to chase a crash
Next by Date: Re: Turning on/off tree-sitter modes
Previous by thread: Re: [PATCH] add compiled regexp primitive lisp object
Next by thread: Re: CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion
Index(es):
- Date
- Thread