From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eshel Yaron Newsgroups: gmane.emacs.devel Subject: CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion Date: Wed, 27 Nov 2024 08:02:35 +0100 Message-ID: Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="31411"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Cc: Stefan Monnier , Stefan Kangas , Andrea Corallo , Eli Zaretskii To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed Nov 27 08:03:24 2024 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tGC56-0007zv-F2 for ged-emacs-devel@m.gmane-mx.org; Wed, 27 Nov 2024 08:03:24 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tGC4S-0002Qs-25; Wed, 27 Nov 2024 02:02:44 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tGC4Q-0002Qk-Fg for emacs-devel@gnu.org; Wed, 27 Nov 2024 02:02:42 -0500 Original-Received: from mail.eshelyaron.com ([107.175.124.16] helo=eshelyaron.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tGC4O-0004UX-UF; Wed, 27 Nov 2024 02:02:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=eshelyaron.com; s=mail; t=1732690957; bh=EfFBgkQWQwRZ/bJdIWI+gGRHXslOPLCeo9WOb6xQ5M4=; h=From:To:Cc:Subject:Date:From; b=FM+FwYqJCiRLgzmGlf/633LiQ4jYvnxzKsqr2zqqYew/i5PWjwAWE9CKjbSRJvo1s 53K+5Qx9AHiRs5g45Wdm2mqcTsbOTHSWwqFfCw4of5FE0JGRgXJsmrdRyNnmycZIs5 i5jeDcHGPZEvvGit0uo2n5BuouXNY5ItPsTHI/XZu73zlE87A/xCh8lv/AZGCkacDV 9eNHDSBHs3PR6W4DfDvXF9+BVr5ls0khaE8kLLDFGjOJeyXKKEJUgoMiUPAsgR/c16 d4sBvyKVNcGMY4E0+QajHB4CfEVAjEKKI44bb8Ms8WYD0AeRA3PTtwM4pLH6TXHWvw 0cZsNxKF0rHmw== Received-SPF: pass client-ip=107.175.124.16; envelope-from=me@eshelyaron.com; helo=eshelyaron.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:325735 Archived-At: Hi all, I've just published an advisory regarding an arbitrary code execution vulnerability in Emacs, which has been assigned CVE-2024-53920: https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html The vulnerability itself is not new and it has been brought up in the past (as I learned from Stefan K. after reporting this issue privately), but no CVE has been assigned previously. I tried to spell out the issue in clear and simple terms in this advisory, if someone spots a mistake or something that deserves further clarification, please let me know. Best regards and safe hacking, Eshel