{
  "threat_severity" : "Moderate",
  "public_date" : "2024-03-25T00:00:00Z",
  "bugzilla" : {
    "description" : "emacs: Gnus treats inline MIME contents as trusted",
    "id" : "2280296",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2280296"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-349",
  "details" : [ "In Emacs before 29.3, Gnus treats inline MIME contents as trusted.", "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service." ],
  "statement" : "This issue is very similar to CVE-2024-30204. See https://access.redhat.com/security/cve/CVE-2024-30204.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6987",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "emacs-1:26.1-12.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6987",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "emacs-1:26.1-12.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9302",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "emacs-1:27.2-10.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "emacs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "emacs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "emacs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-30203\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-30203\nhttps://www.openwall.com/lists/oss-security/2024/03/25/2" ],
  "name" : "CVE-2024-30203",
  "mitigation" : {
    "value" : "When using Emacs (Gnus) as an email client, do not open emails from untrusted sources.",
    "lang" : "en:us"
  },
  "csaw" : false
}