Published: 21/05/2014 Updated: 30/10/2018

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) prior to 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gnome-terminal
opensuse opensuse 12.1
opensuse opensuse 11.4
oracle solaris 11.2

Debian Bug report logs - #629688 libvte9: malicious escape sequence causes gnome-terminal to crash (memory consumption DoS) Package: libvte9; Maintainer for libvte9 is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for libvte9 is src:vte (PTS, buildd, popcon) Affects: xfce4-terminal Reported ...

CWE-20 CWE-399 http://www.openwall.com/lists/oss-security/2011/06/13/10 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688 https://bugzilla.gnome.org/show_bug.cgi?id=652124 http://www.openwall.com/lists/oss-security/2011/06/09/3 http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html https://git.gnome.org/browse/vte/commit/?h=vte-0-28&id=ac71d26f067be3a21bff315c3cabf24c94360dd6 https://bugzilla.redhat.com/show_bug.cgi?id=712148 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-2198

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect