Vulnerability Details CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.2%
CVSS Severity
CVSS v3 Score 7.8
References
- https://access.redhat.com/errata/RHSA-2023:2626
- https://access.redhat.com/errata/RHSA-2023:3104
- https://access.redhat.com/security/cve/CVE-2023-2491
- https://bugzilla.redhat.com/show_bug.cgi?id=2192873
- https://access.redhat.com/errata/RHSA-2023:2626
- https://access.redhat.com/errata/RHSA-2023:3104
- https://access.redhat.com/security/cve/CVE-2023-2491
- https://bugzilla.redhat.com/show_bug.cgi?id=2192873
Products affected by CVE-2023-2491
-
cpe:2.3:a:gnu:emacs:26.1-9.el8
-
cpe:2.3:a:gnu:emacs:27.2-8.el9
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.8
-
cpe:2.3:o:redhat:enterprise_linux_eus:9.2
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.8
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8