What is the severity of CVE-2024-53920?

CVE-2024-53920 has been classified as a high severity vulnerability due to its ability to allow arbitrary code execution through unsafe Lisp macro expansion.

How do I fix CVE-2024-53920?

To fix CVE-2024-53920, users should update GNU Emacs to version 30.0.93 or later, where the issue has been resolved.

What software versions are affected by CVE-2024-53920?

CVE-2024-53920 affects GNU Emacs versions up to and including 30.0.92.

What type of vulnerability is CVE-2024-53920?

CVE-2024-53920 is a code execution vulnerability that arises from unsafe macro expansion in Emacs Lisp.

Who is vulnerable to CVE-2024-53920?

Any user of GNU Emacs versions 30.0.92 or earlier who uses elisp-completion-at-point on untrusted Emacs Lisp source code is vulnerable to CVE-2024-53920.

Vulnerability/
CVE-2024-53920

critical

9.8

CWE

27/11/2024

2/12/2024

CVE-2024-53920: Code Injection

First published: Wed Nov 27 2024(Updated: )

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GNU Emacs	<=30.0.92

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-53920?
CVE-2024-53920 has been classified as a high severity vulnerability due to its ability to allow arbitrary code execution through unsafe Lisp macro expansion.
How do I fix CVE-2024-53920?
To fix CVE-2024-53920, users should update GNU Emacs to version 30.0.93 or later, where the issue has been resolved.
What software versions are affected by CVE-2024-53920?
CVE-2024-53920 affects GNU Emacs versions up to and including 30.0.92.
What type of vulnerability is CVE-2024-53920?
CVE-2024-53920 is a code execution vulnerability that arises from unsafe macro expansion in Emacs Lisp.
Who is vulnerable to CVE-2024-53920?
Any user of GNU Emacs versions 30.0.92 or earlier who uses elisp-completion-at-point on untrusted Emacs Lisp source code is vulnerable to CVE-2024-53920.

agent/type
agent/first-publish-date
agent/description
agent/references
agent/author
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gnu
canonical/gnu emacs

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.