CVE-2022-24130

Опубликовано: 31 янв. 2022

Источник: debian

EPSS Низкий

Описание

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
xterm	fixed	370-2		package
xterm	fixed	366-1+deb11u1	bullseye	package
xterm	fixed	344-1+deb10u2	buster	package

Примечания

https://twitter.com/nickblack/status/1487731459398025216
https://www.openwall.com/lists/oss-security/2022/01/30/2
https://www.openwall.com/lists/oss-security/2022/01/30/3
https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d

EPSS

Процентиль: 59%

0.00387

Низкий

Связанные уязвимости

CVE-2022-24130

CVSS3: 5.5

ubuntu

около 4 лет назад

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

CVE-2022-24130

CVSS3: 5.5

redhat

около 4 лет назад

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

CVE-2022-24130

CVSS3: 5.5

nvd

около 4 лет назад

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

CVE-2022-24130

CVSS3: 5.5

msrc

около 4 лет назад

Описание отсутствует

SUSE-SU-2022:3953-1

suse-cvrf

около 3 лет назад

Security update for xterm

EPSS

Процентиль: 59%

0.00387

Низкий