{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-30203", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-07T11:03:21.383Z", "dateReserved": "2024-03-25T00:00:00", "datePublished": "2024-03-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:12:29.966784"}, "descriptions": [{"lang": "en", "value": "In Emacs before 29.3, Gnus treats inline MIME contents as trusted."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804"}, {"name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html"}, {"name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html"}, {"name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/4"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/3"}, {"name": "[oss-security] 20240411 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/5"}, {"name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/6"}, {"name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/4"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/4"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"}, {"name": "[oss-security] 20240410 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/5"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/7"}, {"name": "[oss-security] 20240408 Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/3"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/6"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T16:17:00.795450Z", "id": "CVE-2024-30203", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T11:03:21.383Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:25:03.329Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29", "tags": ["x_transferred"]}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html"}, {"name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html"}, {"name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/4"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/3"}, {"name": "[oss-security] 20240411 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/5"}, {"name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/6"}, {"name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/4"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/4"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"}, {"name": "[oss-security] 20240410 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/5"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/7"}, {"name": "[oss-security] 20240408 Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/3"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/6"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29", "tags": ["x_transferred"]}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html", "name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html", "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/25/2", "name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/4", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/3", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/11/5", "name": "[oss-security] 20240411 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/11/6", "name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/11/4", "name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/4", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/6", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/5", "name": "[oss-security] 20240410 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/7", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/3", "name": "[oss-security] 20240408 Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/6", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:25:03.329Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-30203", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T16:17:00.795450Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T16:17:06.321Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html", "name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "tags": ["mailing-list"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html", "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/25/2", "name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/4", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/3", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/11/5", "name": "[oss-security] 20240411 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/11/6", "name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/11/4", "name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/4", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/6", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/5", "name": "[oss-security] 20240410 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/7", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/3", "name": "[oss-security] 20240408 Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/6", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "In Emacs before 29.3, Gnus treats inline MIME contents as trusted."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:12:29.966784"}}}, "cveMetadata": {"cveId": "CVE-2024-30203", "state": "PUBLISHED", "dateUpdated": "2024-11-07T11:03:21.383Z", "dateReserved": "2024-03-25T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-25T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Emacs before 29.3, Gnus treats inline MIME contents as trusted."}, {"lang": "es", "value": "En Emacs anterior a 29.3, Gnus trata el contenido MIME en l\u00ednea como confiable."}], "id": "CVE-2024-30203", "lastModified": "2024-11-07T11:35:05.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-25T15:15:52.477", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/08/3"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/08/4"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/08/7"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/10/3"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/10/4"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/10/5"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/10/6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/11/4"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/11/5"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/11/6"}, {"source": "cve@mitre.org", "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804"}, {"source": "cve@mitre.org", "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:6987", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "emacs-1:26.1-12.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6987", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "emacs-1:26.1-12.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:9302", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "emacs-1:27.2-10.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "emacs: Gnus treats inline MIME contents as trusted", "id": "2280296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280296"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-349", "details": ["In Emacs before 29.3, Gnus treats inline MIME contents as trusted.", "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service."], "mitigation": {"lang": "en:us", "value": "Do not open emails from untrusted sources."}, "name": "CVE-2024-30203", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-30203\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-30203\nhttps://www.openwall.com/lists/oss-security/2024/03/25/2"], "statement": "This issue is very similar to CVE-2024-30204. See https://access.redhat.com/security/cve/CVE-2024-30204.", "threat_severity": "Moderate", "upstream_fix": "emacs 29.3"}