CVE-2024-30202

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-30202
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/03/25/2 Mailing List
http://www.openwall.com/lists/oss-security/2024/04/08/6 Mailing List
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb Patch
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 Release Notes
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 Patch
http://www.openwall.com/lists/oss-security/2024/03/25/2 Mailing List
http://www.openwall.com/lists/oss-security/2024/04/08/6 Mailing List
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb Patch
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 Release Notes
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:gnu:org_mode:*:*:*:*:*:gnu_emacs:*:*
History

01 May 2025, 14:33

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/03/25/2 - () http://www.openwall.com/lists/oss-security/2024/03/25/2 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/04/08/6 - () http://www.openwall.com/lists/oss-security/2024/04/08/6 - Mailing List
References () https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb - () https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb - Patch
References () https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 - () https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 - Release Notes
References () https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 - () https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 - Patch
CPE cpe:2.3:a:gnu:org_mode:*:*:*:*:*:gnu_emacs:*:*
cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
First Time Gnu org Mode
Gnu
Gnu emacs

21 Nov 2024, 09:11

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/03/25/2 - () http://www.openwall.com/lists/oss-security/2024/03/25/2 -
References () http://www.openwall.com/lists/oss-security/2024/04/08/6 - () http://www.openwall.com/lists/oss-security/2024/04/08/6 -
References () https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb - () https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb -
References () https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 - () https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 -
References () https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 - () https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 -

14 Nov 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CWE CWE-94

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/04/08/6 -

01 May 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/03/25/2 -

25 Mar 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-25 15:15

Updated : 2025-05-01 14:33

NVD link : CVE-2024-30202

Mitre link : CVE-2024-30202

CVE.ORG link : CVE-2024-30202

JSON object : View

Products Affected

gnu

  • emacs
  • org_mode
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')