CVSSv3: 9.8

CVE-2021-27135

Published: 10/02/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

xterm before Patch #366 allows remote malicious users to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

Vulnerability Trend

Vulnerable Product Search on Vulmon

invisible-island xterm

debian debian linux 9.0

fedoraproject fedora 33

Vendor Advisories

Synopsis: Important: xterm security update. Type/Severity: Security Advisory: Important. Topic: An update for xterm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Debian Bug report logs - #982435 screen: CVE-2021-26937. Package: src:screen; Maintainer for src:screen is Axel Beckert <abe@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 10 Feb 2021 10:00:01 UTC; Severity: grave; Tags: confirmed, security, upstream; Found in versions screen/4.5.0-6, scre ...
Debian Bug report logs - #982439 xterm: CVE-2021-27135: crash when selecting specially crafted UTF-8 character sequence. Package: src:xterm; Maintainer for src:xterm is Debian X Strike Force <debian-x@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 10 Feb 2021 10:33:02 UTC; Severity: ...
A flaw was found in xterm. A specially crafted sequence of combining characters causes an out-of-bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-27135) ...
In xterm before version 366, an attacker could cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence ...

Exploits

A missing length check in libX11 allows data from LookupColor requests to mess up the client-server communication protocol and inject malicious X server requests ...

Mailing Lists

Full Disclosure mailing list archives: CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology ...
oss-sec mailing list archives: Re: Re: screen crash processing combining characters. From: Utkarsh Gupt ...

Github Repositories

CISA Log4j (CVE-2021-44228) Vulnerability Guidance. This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately. Official CISA Guidance & Resou