CVE-2021-27135

Опубликовано: 10 фев. 2021

Источник: debian

EPSS Низкий

Описание

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
xterm	fixed	366-1		package
xterm	fixed	344-1+deb10u1	buster	package

Примечания

https://www.openwall.com/lists/oss-security/2021/02/09/7
https://invisible-island.net/xterm/xterm.log.html#xterm_366
https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c

EPSS

Процентиль: 69%

0.00631

Низкий

Связанные уязвимости

CVE-2021-27135

CVSS3: 9.8

ubuntu

больше 4 лет назад

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

CVE-2021-27135

CVSS3: 9.6

redhat

больше 4 лет назад

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

CVE-2021-27135

CVSS3: 9.8

nvd

больше 4 лет назад

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

CVE-2021-27135

CVSS3: 9.8

msrc

больше 3 лет назад

Описание отсутствует

openSUSE-SU-2021:2011-1

suse-cvrf

почти 4 года назад

Security update for xterm

EPSS

Процентиль: 69%

0.00631

Низкий