CVE-2023-27986

CVE-2023-27986

Name

CVE-2023-27986

Description

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://www.openwall.com/lists/oss-security/2023/03/08/2
MISC	http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc
MLIST	http://www.openwall.com/lists/oss-security/2023/03/09/1
MISC	https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/

Type

URI

MISC

https://www.openwall.com/lists/oss-security/2023/03/08/2

MISC

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc

MLIST

http://www.openwall.com/lists/oss-security/2023/03/09/1

MISC

https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/