CVE-2022-48337

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48337
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48337.json
Related
Published
2023-02-20T23:15:00Z
Modified
2023-10-14T06:13:06.810440Z
Details

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

References

Affected packages

Git / git.savannah.gnu.org/git/emacs.git

Affected ranges

Type
GIT
Repo
https://git.savannah.gnu.org/git/emacs.git
Events
Introduced
0The exact introduced commit is unknown
Fixed
01a4035c869b91c153af9a9132c87adb7669ea1c

Affected versions

emacs-19.*

emacs-19.34

emacs-20.*

emacs-20.1
emacs-20.2
emacs-20.3
emacs-20.4

emacs-22.*

emacs-22.1
emacs-22.2
emacs-22.3

emacs-23.*

emacs-23.2
emacs-23.3
emacs-23.4

emacs-24.*

emacs-24.0.96
emacs-24.0.97
emacs-24.1
emacs-24.2
emacs-24.2.90
emacs-24.2.91
emacs-24.2.92
emacs-24.2.93
emacs-24.3
emacs-24.3-rc1
emacs-24.3.90
emacs-24.3.91
emacs-24.3.92
emacs-24.3.93
emacs-24.3.94
emacs-24.4
emacs-24.4-rc1
emacs-24.4.90
emacs-24.4.91
emacs-24.5
emacs-24.5-rc1
emacs-24.5-rc2
emacs-24.5-rc3
emacs-24.5-rc3-fixed

emacs-25.*

emacs-25.0.90
emacs-25.0.91
emacs-25.0.92
emacs-25.0.93
emacs-25.0.94
emacs-25.0.95
emacs-25.1
emacs-25.1-rc1
emacs-25.1-rc2
emacs-25.1.90
emacs-25.1.91
emacs-25.2
emacs-25.2-rc1
emacs-25.2-rc2

emacs-26.*

emacs-26.0.90
emacs-26.0.91
emacs-26.1
emacs-26.1-rc1
emacs-26.1.90
emacs-26.1.91
emacs-26.1.92
emacs-26.2
emacs-26.2.90
emacs-26.3
emacs-26.3-rc1

emacs-27.*

emacs-27.0.90
emacs-27.0.91
emacs-27.1
emacs-27.1-rc1
emacs-27.1-rc2
emacs-27.1.90
emacs-27.1.91
emacs-27.2
emacs-27.2-rc1
emacs-27.2-rc2

emacs-28.*

emacs-28.0.90
emacs-28.0.91
emacs-28.0.92
emacs-28.1
emacs-28.1.90
emacs-28.1.91
emacs-28.2

emacs-pretest-21.*

emacs-pretest-21.0.100
emacs-pretest-21.0.101
emacs-pretest-21.0.102
emacs-pretest-21.0.103
emacs-pretest-21.0.104
emacs-pretest-21.0.105
emacs-pretest-21.0.106
emacs-pretest-21.0.90
emacs-pretest-21.0.91
emacs-pretest-21.0.92
emacs-pretest-21.0.93
emacs-pretest-21.0.95
emacs-pretest-21.0.96
emacs-pretest-21.0.97
emacs-pretest-21.0.98
emacs-pretest-21.0.99

emacs-pretest-22.*

emacs-pretest-22.0.90
emacs-pretest-22.0.91
emacs-pretest-22.0.92
emacs-pretest-22.0.93
emacs-pretest-22.0.94
emacs-pretest-22.0.95
emacs-pretest-22.0.96
emacs-pretest-22.0.97
emacs-pretest-22.0.98
emacs-pretest-22.0.99
emacs-pretest-22.0.990
emacs-pretest-22.1.90
emacs-pretest-22.1.91
emacs-pretest-22.1.92
emacs-pretest-22.2.90
emacs-pretest-22.2.91
emacs-pretest-22.2.92

emacs-pretest-23.*

emacs-pretest-23.0.90
emacs-pretest-23.0.91
emacs-pretest-23.0.92
emacs-pretest-23.0.93
emacs-pretest-23.0.94
emacs-pretest-23.0.95
emacs-pretest-23.1.90
emacs-pretest-23.1.91
emacs-pretest-23.1.92
emacs-pretest-23.1.93
emacs-pretest-23.1.94
emacs-pretest-23.1.95
emacs-pretest-23.1.96
emacs-pretest-23.1.97
emacs-pretest-23.2.90
emacs-pretest-23.2.91
emacs-pretest-23.2.92
emacs-pretest-23.2.93
emacs-pretest-23.2.93.1
emacs-pretest-23.2.94
emacs-pretest-23.3.90

emacs-pretest-24.*

emacs-pretest-24.0.05
emacs-pretest-24.0.90
emacs-pretest-24.0.91
emacs-pretest-24.0.92
emacs-pretest-24.0.93
emacs-pretest-24.0.94
emacs-pretest-24.0.95

mh-e-8.*

mh-e-8.0
mh-e-8.0.1
mh-e-8.0.2
mh-e-8.0.3
mh-e-8.1
mh-e-8.2
mh-e-8.2.90
mh-e-8.2.91
mh-e-8.2.92
mh-e-8.2.93
mh-e-8.3
mh-e-8.3.1
mh-e-8.4
mh-e-8.5
mh-e-8.6

mh-e-doc-8.*

mh-e-doc-8.0
mh-e-doc-8.0.1
mh-e-doc-8.0.3
mh-e-doc-8.1
mh-e-doc-8.2
mh-e-doc-8.3
mh-e-doc-8.4
mh-e-doc-8.5

Other

ttn-vms-21-2-B4