Vulnerability Description
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GNU | Emacs | < 29.3 |
| GNU | Org Mode | < 9.6.23 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/03/25/2 (Mailing List)
- http://www.openwall.com/lists/oss-security/2024/04/08/6 (Mailing List)
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6 (Patch)
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 (Release Notes)
- https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b (Patch)
FAQ
What is CVE-2024-30202?
CVE-2024-30202 is a vulnerability with a CVSS score of 7.8 (HIGH). In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
How severe is CVE-2024-30202?
CVE-2024-30202 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-30202?
Check the references section above for vendor advisories and patch information. Affected products include: GNU Emacs, GNU Org Mode.