CVE-2022-24130

Опубликовано: 31 янв. 2022

Источник: debian

Описание

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
xterm	fixed	370-2		package
xterm	fixed	366-1+deb11u1	bullseye	package
xterm	fixed	344-1+deb10u2	buster	package

Примечания

https://twitter.com/nickblack/status/1487731459398025216
https://www.openwall.com/lists/oss-security/2022/01/30/2
https://www.openwall.com/lists/oss-security/2022/01/30/3
https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d

Связанные уязвимости

CVE-2022-24130

CVSS3: 5.5

ubuntu

почти 4 года назад

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

CVE-2022-24130

CVSS3: 5.5

redhat

почти 4 года назад

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

CVE-2022-24130

CVSS3: 5.5

nvd

почти 4 года назад

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

CVE-2022-24130

CVSS3: 5.5

msrc

почти 4 года назад

xterm through Patch 370 when Sixel support is enabled allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

SUSE-SU-2022:3953-1

suse-cvrf

почти 3 года назад

Security update for xterm