{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-30204", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-04T16:34:51.409Z", "dateReserved": "2024-03-25T00:00:00", "datePublished": "2024-03-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:12:31.908377"}, "descriptions": [{"lang": "en", "value": "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c"}, {"name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html"}, {"name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html"}, {"name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/4"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/3"}, {"name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/4"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/4"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"}, {"name": "[oss-security] 20240410 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/5"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/7"}, {"name": "[oss-security] 20240408 Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/3"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/6"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-18T13:42:11.496611Z", "id": "CVE-2024-30204", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T16:34:51.409Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:25:03.423Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29", "tags": ["x_transferred"]}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html"}, {"name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html"}, {"name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/4"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/3"}, {"name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/4"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/4"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"}, {"name": "[oss-security] 20240410 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/5"}, {"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/7"}, {"name": "[oss-security] 20240408 Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/3"}, {"name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/6"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29", "tags": ["x_transferred"]}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html", "name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html", "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/25/2", "name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/4", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/3", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/11/4", "name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/4", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/6", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/5", "name": "[oss-security] 20240410 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/7", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/3", "name": "[oss-security] 20240408 Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/6", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:25:03.423Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-30204", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-18T13:42:11.496611Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T13:42:31.848Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html", "name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "tags": ["mailing-list"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html", "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/25/2", "name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/4", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/3", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/11/4", "name": "[oss-security] 20240411 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/4", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/6", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/5", "name": "[oss-security] 20240410 Re: Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/7", "name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/08/3", "name": "[oss-security] 20240408 Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/6", "name": "[oss-security] 20240410 Re: Is CVE-2024-30203 bogus? (Emacs)", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:12:31.908377"}}}, "cveMetadata": {"cveId": "CVE-2024-30204", "state": "PUBLISHED", "dateUpdated": "2024-11-04T16:34:51.409Z", "dateReserved": "2024-03-25T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-25T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "33B7CDB1-3230-40DE-9425-EE9F469E5C5A", "versionEndExcluding": "29.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:org_mode:*:*:*:*:*:gnu_emacs:*:*", "matchCriteriaId": "4EB86482-347A-4F21-86A8-1DADB475E29C", "versionEndExcluding": "9.6.23", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments."}, {"lang": "es", "value": "En Emacs anterior a 29.3, la vista previa de LaTeX est\u00e1 habilitada de forma predeterminada para los archivos adjuntos de correo electr\u00f3nico."}], "id": "CVE-2024-30204", "lastModified": "2025-05-01T14:33:32.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-25T15:15:52.523", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/4"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/7"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/4"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/5"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/6"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/4"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/08/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9302", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "emacs-1:27.2-10.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "emacs: LaTeX preview is enabled by default for e-mail attachments", "id": "2280297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280297"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-349", "details": ["In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.", "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service."], "mitigation": {"lang": "en:us", "value": "Do not open or do not generate a preview of LaTeX documents from untrusted sources."}, "name": "CVE-2024-30204", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-30204\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-30204\nhttps://www.openwall.com/lists/oss-security/2024/03/25/2"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and following least privilege principles to ensure that only authorized users and roles can execute or modify code. Event logs are collected and processed for centralization, correlation, analysis, monitoring, alerting, and retention, ensuring that audit records are generated for security-relevant events involving sensitive data and that mechanisms such as digital signatures and certificates verify the authenticity and origin of logged information. Certificates for both external infrastructure and internal cluster components are established and maintained within a secure environment, using cryptographic authentication to prevent the acceptance of untrusted data. The platform also enforces FIPS-validated cryptographic modules across all compute resources, helping ensure that intercepted data cannot be accessed or interpreted by unauthorized actors.", "threat_severity": "Moderate"}