Vulnerability-Lookup

CVE-2022-48337 (GCVE-0-2022-48337)

Vulnerability from cvelistv5 – Published: 2023-02-20 00:00 – Updated: 2025-03-18 15:30

Summary

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

5 references

URL	Tags
https://git.savannah.gnu.org/cgit/emacs.git/commi…
https://www.debian.org/security/2023/dsa-5360	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:10:59.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c"
          },
          {
            "name": "DSA-5360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5360"
          },
          {
            "name": "[debian-lts-announce] 20230509 [SECURITY] [DLA 3416-1] emacs security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html"
          },
          {
            "name": "FEDORA-2023-5763445abe",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/"
          },
          {
            "name": "FEDORA-2023-29df561f1d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-48337",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T15:30:19.045463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T15:30:23.044Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-14T02:06:13.683Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c"
        },
        {
          "name": "DSA-5360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5360"
        },
        {
          "name": "[debian-lts-announce] 20230509 [SECURITY] [DLA 3416-1] emacs security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html"
        },
        {
          "name": "FEDORA-2023-5763445abe",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/"
        },
        {
          "name": "FEDORA-2023-29df561f1d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-48337",
    "datePublished": "2023-02-20T00:00:00.000Z",
    "dateReserved": "2023-02-20T00:00:00.000Z",
    "dateUpdated": "2025-03-18T15:30:23.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-48337",
      "date": "2026-05-20",
      "epss": "0.00447",
      "percentile": "0.63669"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"28.2\", \"matchCriteriaId\": \"8E37D947-CF14-442A-B26B-3C570DB9D5E1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \\\"etags -u *\\\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.\"}]",
      "id": "CVE-2022-48337",
      "lastModified": "2024-11-21T07:33:11.937",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-02-20T23:15:12.243",
      "references": "[{\"url\": \"https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5360\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5360\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48337\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-02-20T23:15:12.243\",\"lastModified\":\"2025-03-18T16:15:14.647\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \\\"etags -u *\\\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"28.2\",\"matchCriteriaId\":\"8E37D947-CF14-442A-B26B-3C570DB9D5E1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5360\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5360\", \"name\": \"DSA-5360\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html\", \"name\": \"[debian-lts-announce] 20230509 [SECURITY] [DLA 3416-1] emacs security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/\", \"name\": \"FEDORA-2023-5763445abe\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/\", \"name\": \"FEDORA-2023-29df561f1d\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T15:10:59.761Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-48337\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-18T15:30:19.045463Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-18T15:30:13.515Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5360\", \"name\": \"DSA-5360\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html\", \"name\": \"[debian-lts-announce] 20230509 [SECURITY] [DLA 3416-1] emacs security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/\", \"name\": \"FEDORA-2023-5763445abe\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/\", \"name\": \"FEDORA-2023-29df561f1d\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \\\"etags -u *\\\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-10-14T02:06:13.683Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-48337\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-18T15:30:23.044Z\", \"dateReserved\": \"2023-02-20T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-02-20T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0145

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Db2	IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2
IBM	QRadar Suite Software	QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0
IBM	N/A	IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05
IBM	QRadar	IBM QRadar Use Case Manager App versions antérieures à 3.9.0
IBM	WebSphere	IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20
IBM	WebSphere	IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22
IBM	Db2	IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2
IBM	Cloud Pak	IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0
IBM	Spectrum	IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15
IBM	WebSphere	IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20
IBM	QRadar WinCollect Agent	IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9
IBM	Spectrum	IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2

References

Title

Publication Time

CERTFR-2024-AVI-0145

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Db2	IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2
IBM	QRadar Suite Software	QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0
IBM	N/A	IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05
IBM	QRadar	IBM QRadar Use Case Manager App versions antérieures à 3.9.0
IBM	WebSphere	IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20
IBM	WebSphere	IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22
IBM	Db2	IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2
IBM	Cloud Pak	IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0
IBM	Spectrum	IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15
IBM	WebSphere	IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20
IBM	QRadar WinCollect Agent	IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9
IBM	Spectrum	IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2

References

Title

Publication Time

alsa-2023:2626

Vulnerability from osv_almalinux

Published

2023-05-09 00:00

Modified

2023-05-11 22:55

Summary

Important: emacs security update

Details

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):

emacs: Regression of CVE-2023-28617 fixes in the AlmaLinux (CVE-2023-2491)
emacs: command execution via shell metacharacters (CVE-2022-48337)
emacs: local command injection in ruby-mode.el (CVE-2022-48338)
emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:2626	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-48337	REPORT
	https://access.redhat.com/security/cve/CVE-2022-48338	REPORT
	https://access.redhat.com/security/cve/CVE-2022-48339	REPORT
	https://access.redhat.com/security/cve/CVE-2023-2491	REPORT
	https://bugzilla.redhat.com/2171987	REPORT
	https://bugzilla.redhat.com/2171988	REPORT
	https://bugzilla.redhat.com/2171989	REPORT
	https://bugzilla.redhat.com/2192873	REPORT
	https://errata.almalinux.org/9/ALSA-2023-2626.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "emacs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:27.2-8.el9_2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "emacs-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:27.2-8.el9_2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "emacs-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:27.2-8.el9_2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "emacs-lucid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:27.2-8.el9_2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "emacs-nox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:27.2-8.el9_2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* emacs: Regression of CVE-2023-28617 fixes in the AlmaLinux (CVE-2023-2491)\n* emacs: command execution via shell metacharacters (CVE-2022-48337)\n* emacs: local command injection in ruby-mode.el (CVE-2022-48338)\n* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:2626",
  "modified": "2023-05-11T22:55:28Z",
  "published": "2023-05-09T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:2626"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-48337"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-48338"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-48339"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-2491"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2171987"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2171988"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2171989"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2192873"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-2626.html"
    }
  ],
  "related": [
    "CVE-2023-28617",
    "CVE-2023-2491",
    "CVE-2022-48337",
    "CVE-2022-48338",
    "CVE-2022-48339"
  ],
  "summary": "Important: emacs security update"
}

alsa-2023:7083

Vulnerability from osv_almalinux

Published

2023-11-14 00:00

Modified

2023-11-23 10:22

Summary

Moderate: emacs security update

Details

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):

emacs: command execution via shell metacharacters (CVE-2022-48337)
emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:7083	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-48337	REPORT
	https://access.redhat.com/security/cve/CVE-2022-48339	REPORT
	https://bugzilla.redhat.com/2171987	REPORT
	https://bugzilla.redhat.com/2171989	REPORT
	https://errata.almalinux.org/8/ALSA-2023-7083.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "emacs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:26.1-11.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "emacs-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:26.1-11.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "emacs-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:26.1-11.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "emacs-lucid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:26.1-11.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "emacs-nox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:26.1-11.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "emacs-terminal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:26.1-11.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* emacs: command execution via shell metacharacters (CVE-2022-48337)\n* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2023:7083",
  "modified": "2023-11-23T10:22:22Z",
  "published": "2023-11-14T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:7083"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-48337"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-48339"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2171987"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2171989"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-7083.html"
    }
  ],
  "related": [
    "CVE-2022-48337",
    "CVE-2022-48339"
  ],
  "summary": "Moderate: emacs security update"
}

BDU:2024-06036

Vulnerability from fstec - Published: 20.02.2023

Title

Уязвимость файла lib-src/etags.c компонента etags текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость файла lib-src/etags.c компонента etags текстового редактора EMACS связана с неправильной нейтрализацией специальных элементов, используемых в команде ОС. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», Fedora Project, АО «НТЦ ИТ РОСА», АО "НППКТ", The GNU Project

Software Name

Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Fedora, ROSA Virtualization (запись в едином реестре российских программ №5091), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), EMACS

Software Version

7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 9 (Red Hat Enterprise Linux), 37 (Fedora), 8.6 Extended Update Support (Red Hat Enterprise Linux), 38 (Fedora), 2.1 (ROSA Virtualization), до 2.8 (ОСОН ОСнова Оnyx), 8.8 Extended Update Support (Red Hat Enterprise Linux), до 28.2 включительно (EMACS)

Possible Mitigations

Для emacs: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2022-48337 Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2022-48337 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения emacs до версии 1:26.1+1-3.2+deb10u4 Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2841

Reference

https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c https://redos.red-soft.ru/support/secure/ https://security-tracker.debian.org/tracker/CVE-2022-48337 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/ https://access.redhat.com/security/cve/CVE-2022-48337 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/ https://abf.rosa.ru/advisories/ROSA-SA-2025-2841

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Fedora Project, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", The GNU Project",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 9 (Red Hat Enterprise Linux), 37 (Fedora), 8.6 Extended Update Support (Red Hat Enterprise Linux), 38 (Fedora), 2.1 (ROSA Virtualization), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 8.8 Extended Update Support (Red Hat Enterprise Linux), \u0434\u043e 28.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (EMACS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f emacs:\nhttps://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-48337\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/\t\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-48337\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f emacs \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:26.1+1-3.2+deb10u4\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2841",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.02.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.08.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06036",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-48337",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Fedora, ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), EMACS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Red Hat Inc. Red Hat Enterprise Linux 9 , Fedora Project Fedora 37 , Red Hat Inc. Red Hat Enterprise Linux 8.6 Extended Update Support , Fedora Project Fedora 38 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Red Hat Inc. Red Hat Enterprise Linux 8.8 Extended Update Support ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u0430 lib-src/etags.c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 etags \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 EMACS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u0430 lib-src/etags.c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 etags \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 EMACS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u041e\u0421. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c\nhttps://redos.red-soft.ru/support/secure/\nhttps://security-tracker.debian.org/tracker/CVE-2022-48337\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/\t\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/\nhttps://access.redhat.com/security/cve/CVE-2022-48337\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2841",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

FKIE_CVE-2022-48337

Vulnerability from fkie_nvd - Published: 2023-02-20 23:15 - Updated: 2025-03-18 16:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c	Patch
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/
cve@mitre.org	https://www.debian.org/security/2023/dsa-5360	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c	Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5360	Third Party Advisory

Impacted products

	Vendor	Product	Version
	gnu	emacs	*
	debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E37D947-CF14-442A-B26B-3C570DB9D5E1",
              "versionEndIncluding": "28.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input."
    }
  ],
  "id": "CVE-2022-48337",
  "lastModified": "2025-03-18T16:15:14.647",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-20T23:15:12.243",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5360"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-8HW9-JQH3-H2RX

Vulnerability from github – Published: 2023-02-21 00:30 – Updated: 2025-03-18 18:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-48337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-20T23:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.",
  "id": "GHSA-8hw9-jqh3-h2rx",
  "modified": "2025-03-18T18:30:37Z",
  "published": "2023-02-21T00:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48337"
    },
    {
      "type": "WEB",
      "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5360"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-48337

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-48337

Aliases

CVE-2022-48337

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-48337",
    "description": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.",
    "id": "GSD-2022-48337",
    "references": [
      "https://www.debian.org/security/2023/dsa-5360",
      "https://advisories.mageia.org/CVE-2022-48337.html",
      "https://www.suse.com/security/cve/CVE-2022-48337.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-48337"
      ],
      "details": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.",
      "id": "GSD-2022-48337",
      "modified": "2023-12-13T01:19:26.126644Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-48337",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c",
            "refsource": "MISC",
            "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c"
          },
          {
            "name": "DSA-5360",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2023/dsa-5360"
          },
          {
            "name": "[debian-lts-announce] 20230509 [SECURITY] [DLA 3416-1] emacs security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html"
          },
          {
            "name": "FEDORA-2023-5763445abe",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/"
          },
          {
            "name": "FEDORA-2023-29df561f1d",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "28.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-48337"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c"
            },
            {
              "name": "DSA-5360",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5360"
            },
            {
              "name": "[debian-lts-announce] 20230509 [SECURITY] [DLA 3416-1] emacs security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html"
            },
            {
              "name": "FEDORA-2023-5763445abe",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/"
            },
            {
              "name": "FEDORA-2023-29df561f1d",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-10-14T03:15Z",
      "publishedDate": "2023-02-20T23:15Z"
    }
  }
}

MSRC_CVE-2022-48337

Vulnerability from csaf_microsoft - Published: 2023-02-01 00:00 - Updated: 2023-03-22 00:00

Summary

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2022-48337

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 18397-17086		—

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17086-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2023/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2023/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2022-48337 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2022-48337.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.",
    "tracking": {
      "current_release_date": "2023-03-22T00:00:00.000Z",
      "generator": {
        "date": "2025-10-20T00:15:36.627Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2022-48337",
      "initial_release_date": "2023-02-01T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-02-28T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2023-03-22T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 emacs 28.2-4",
                "product": {
                  "name": "\u003ccbl2 emacs 28.2-4",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 emacs 28.2-4",
                "product": {
                  "name": "cbl2 emacs 28.2-4",
                  "product_id": "18397"
                }
              }
            ],
            "category": "product_name",
            "name": "emacs"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 emacs 28.2-4 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 emacs 28.2-4 as a component of CBL Mariner 2.0",
          "product_id": "18397-17086"
        },
        "product_reference": "18397",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-48337",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "18397-17086"
        ],
        "known_affected": [
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-48337 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2022-48337.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T00:00:00.000Z",
          "details": "28.2-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "17086-1"
          ]
        }
      ],
      "title": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input."
    }
  ]
}

OPENSUSE-SU-2024:12721-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

emacs-28.2-2.1 on GA media

Severity

Moderate

Notes

Title of the patch: emacs-28.2-2.1 on GA media

Description of the patch: These are all security issues fixed in the emacs-28.2-2.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-12721

CVE-2022-48337

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-48338

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-48339

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:etags-28.2-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2022-48337/	self
https://www.suse.com/security/cve/CVE-2022-48338/	self
https://www.suse.com/security/cve/CVE-2022-48339/	self
https://www.suse.com/security/cve/CVE-2022-48337	external
https://bugzilla.suse.com/1208515	external
https://bugzilla.suse.com/1211499	external
https://bugzilla.suse.com/1211512	external
https://bugzilla.suse.com/1213840	external
https://www.suse.com/security/cve/CVE-2022-48338	external
https://bugzilla.suse.com/1208514	external
https://www.suse.com/security/cve/CVE-2022-48339	external
https://bugzilla.suse.com/1208512	external
https://bugzilla.suse.com/1211512	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "emacs-28.2-2.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the emacs-28.2-2.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12721",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12721-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-48337 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-48337/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-48338 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-48338/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-48339 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-48339/"
      }
    ],
    "title": "emacs-28.2-2.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12721-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "emacs-28.2-2.1.aarch64",
                "product": {
                  "name": "emacs-28.2-2.1.aarch64",
                  "product_id": "emacs-28.2-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-el-28.2-2.1.aarch64",
                "product": {
                  "name": "emacs-el-28.2-2.1.aarch64",
                  "product_id": "emacs-el-28.2-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-eln-28.2-2.1.aarch64",
                "product": {
                  "name": "emacs-eln-28.2-2.1.aarch64",
                  "product_id": "emacs-eln-28.2-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-info-28.2-2.1.aarch64",
                "product": {
                  "name": "emacs-info-28.2-2.1.aarch64",
                  "product_id": "emacs-info-28.2-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-nox-28.2-2.1.aarch64",
                "product": {
                  "name": "emacs-nox-28.2-2.1.aarch64",
                  "product_id": "emacs-nox-28.2-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-x11-28.2-2.1.aarch64",
                "product": {
                  "name": "emacs-x11-28.2-2.1.aarch64",
                  "product_id": "emacs-x11-28.2-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "etags-28.2-2.1.aarch64",
                "product": {
                  "name": "etags-28.2-2.1.aarch64",
                  "product_id": "etags-28.2-2.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "emacs-28.2-2.1.ppc64le",
                "product": {
                  "name": "emacs-28.2-2.1.ppc64le",
                  "product_id": "emacs-28.2-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-el-28.2-2.1.ppc64le",
                "product": {
                  "name": "emacs-el-28.2-2.1.ppc64le",
                  "product_id": "emacs-el-28.2-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-eln-28.2-2.1.ppc64le",
                "product": {
                  "name": "emacs-eln-28.2-2.1.ppc64le",
                  "product_id": "emacs-eln-28.2-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-info-28.2-2.1.ppc64le",
                "product": {
                  "name": "emacs-info-28.2-2.1.ppc64le",
                  "product_id": "emacs-info-28.2-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-nox-28.2-2.1.ppc64le",
                "product": {
                  "name": "emacs-nox-28.2-2.1.ppc64le",
                  "product_id": "emacs-nox-28.2-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-x11-28.2-2.1.ppc64le",
                "product": {
                  "name": "emacs-x11-28.2-2.1.ppc64le",
                  "product_id": "emacs-x11-28.2-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "etags-28.2-2.1.ppc64le",
                "product": {
                  "name": "etags-28.2-2.1.ppc64le",
                  "product_id": "etags-28.2-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "emacs-28.2-2.1.s390x",
                "product": {
                  "name": "emacs-28.2-2.1.s390x",
                  "product_id": "emacs-28.2-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-el-28.2-2.1.s390x",
                "product": {
                  "name": "emacs-el-28.2-2.1.s390x",
                  "product_id": "emacs-el-28.2-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-eln-28.2-2.1.s390x",
                "product": {
                  "name": "emacs-eln-28.2-2.1.s390x",
                  "product_id": "emacs-eln-28.2-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-info-28.2-2.1.s390x",
                "product": {
                  "name": "emacs-info-28.2-2.1.s390x",
                  "product_id": "emacs-info-28.2-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-nox-28.2-2.1.s390x",
                "product": {
                  "name": "emacs-nox-28.2-2.1.s390x",
                  "product_id": "emacs-nox-28.2-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-x11-28.2-2.1.s390x",
                "product": {
                  "name": "emacs-x11-28.2-2.1.s390x",
                  "product_id": "emacs-x11-28.2-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "etags-28.2-2.1.s390x",
                "product": {
                  "name": "etags-28.2-2.1.s390x",
                  "product_id": "etags-28.2-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "emacs-28.2-2.1.x86_64",
                "product": {
                  "name": "emacs-28.2-2.1.x86_64",
                  "product_id": "emacs-28.2-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-el-28.2-2.1.x86_64",
                "product": {
                  "name": "emacs-el-28.2-2.1.x86_64",
                  "product_id": "emacs-el-28.2-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-eln-28.2-2.1.x86_64",
                "product": {
                  "name": "emacs-eln-28.2-2.1.x86_64",
                  "product_id": "emacs-eln-28.2-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-info-28.2-2.1.x86_64",
                "product": {
                  "name": "emacs-info-28.2-2.1.x86_64",
                  "product_id": "emacs-info-28.2-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-nox-28.2-2.1.x86_64",
                "product": {
                  "name": "emacs-nox-28.2-2.1.x86_64",
                  "product_id": "emacs-nox-28.2-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-x11-28.2-2.1.x86_64",
                "product": {
                  "name": "emacs-x11-28.2-2.1.x86_64",
                  "product_id": "emacs-x11-28.2-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "etags-28.2-2.1.x86_64",
                "product": {
                  "name": "etags-28.2-2.1.x86_64",
                  "product_id": "etags-28.2-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-28.2-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64"
        },
        "product_reference": "emacs-28.2-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-28.2-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le"
        },
        "product_reference": "emacs-28.2-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-28.2-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-28.2-2.1.s390x"
        },
        "product_reference": "emacs-28.2-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-28.2-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64"
        },
        "product_reference": "emacs-28.2-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-el-28.2-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64"
        },
        "product_reference": "emacs-el-28.2-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-el-28.2-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le"
        },
        "product_reference": "emacs-el-28.2-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-el-28.2-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x"
        },
        "product_reference": "emacs-el-28.2-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-el-28.2-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64"
        },
        "product_reference": "emacs-el-28.2-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-eln-28.2-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64"
        },
        "product_reference": "emacs-eln-28.2-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-eln-28.2-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le"
        },
        "product_reference": "emacs-eln-28.2-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-eln-28.2-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x"
        },
        "product_reference": "emacs-eln-28.2-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-eln-28.2-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64"
        },
        "product_reference": "emacs-eln-28.2-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-info-28.2-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64"
        },
        "product_reference": "emacs-info-28.2-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-info-28.2-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le"
        },
        "product_reference": "emacs-info-28.2-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-info-28.2-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x"
        },
        "product_reference": "emacs-info-28.2-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-info-28.2-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64"
        },
        "product_reference": "emacs-info-28.2-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-nox-28.2-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64"
        },
        "product_reference": "emacs-nox-28.2-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-nox-28.2-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le"
        },
        "product_reference": "emacs-nox-28.2-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-nox-28.2-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x"
        },
        "product_reference": "emacs-nox-28.2-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-nox-28.2-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64"
        },
        "product_reference": "emacs-nox-28.2-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-x11-28.2-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64"
        },
        "product_reference": "emacs-x11-28.2-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-x11-28.2-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le"
        },
        "product_reference": "emacs-x11-28.2-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-x11-28.2-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x"
        },
        "product_reference": "emacs-x11-28.2-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-x11-28.2-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64"
        },
        "product_reference": "emacs-x11-28.2-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "etags-28.2-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:etags-28.2-2.1.aarch64"
        },
        "product_reference": "etags-28.2-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "etags-28.2-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le"
        },
        "product_reference": "etags-28.2-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "etags-28.2-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:etags-28.2-2.1.s390x"
        },
        "product_reference": "etags-28.2-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "etags-28.2-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
        },
        "product_reference": "etags-28.2-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-48337",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-48337"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:etags-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:etags-28.2-2.1.s390x",
          "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-48337",
          "url": "https://www.suse.com/security/cve/CVE-2022-48337"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208515 for CVE-2022-48337",
          "url": "https://bugzilla.suse.com/1208515"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211499 for CVE-2022-48337",
          "url": "https://bugzilla.suse.com/1211499"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211512 for CVE-2022-48337",
          "url": "https://bugzilla.suse.com/1211512"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213840 for CVE-2022-48337",
          "url": "https://bugzilla.suse.com/1213840"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:etags-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:etags-28.2-2.1.s390x",
            "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:etags-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:etags-28.2-2.1.s390x",
            "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-48337"
    },
    {
      "cve": "CVE-2022-48338",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-48338"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:etags-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:etags-28.2-2.1.s390x",
          "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-48338",
          "url": "https://www.suse.com/security/cve/CVE-2022-48338"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208514 for CVE-2022-48338",
          "url": "https://bugzilla.suse.com/1208514"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:etags-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:etags-28.2-2.1.s390x",
            "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:etags-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:etags-28.2-2.1.s390x",
            "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-48338"
    },
    {
      "cve": "CVE-2022-48339",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-48339"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x",
          "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64",
          "openSUSE Tumbleweed:etags-28.2-2.1.aarch64",
          "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le",
          "openSUSE Tumbleweed:etags-28.2-2.1.s390x",
          "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-48339",
          "url": "https://www.suse.com/security/cve/CVE-2022-48339"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208512 for CVE-2022-48339",
          "url": "https://bugzilla.suse.com/1208512"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211512 for CVE-2022-48339",
          "url": "https://bugzilla.suse.com/1211512"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:etags-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:etags-28.2-2.1.s390x",
            "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:emacs-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-el-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-eln-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-info-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-nox-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.s390x",
            "openSUSE Tumbleweed:emacs-x11-28.2-2.1.x86_64",
            "openSUSE Tumbleweed:etags-28.2-2.1.aarch64",
            "openSUSE Tumbleweed:etags-28.2-2.1.ppc64le",
            "openSUSE Tumbleweed:etags-28.2-2.1.s390x",
            "openSUSE Tumbleweed:etags-28.2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-48339"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-48337 (GCVE-0-2022-48337)

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature