Vulnerability Details : CVE-2008-3949
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2008-3949
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2008-3949
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
CWE ids for CVE-2008-3949
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-3949
- Red Hat, 2017-08-07: Not vulnerable. This issue did not affect the versions of the emacs package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:216
- http://www.securityfocus.com/bid/31052
- http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html
- http://security.gentoo.org/glsa/glsa-200902-06.xml
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html ([security-announce] SUSE Security Summary Report: SUSE-SR:2008:018 - openSUSE Security Announce - openSUSE Mailing Lists)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45021
- https://bugzilla.novell.com/show_bug.cgi?id=424340
- cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*