CVE-2024-37535

Опубликовано: 09 июн. 2024

Источник: debian

EPSS Низкий

Описание

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
vte	unfixed			package
vte2.91	fixed	0.76.3-1	experimental	package
vte2.91	fixed	0.76.3-6		package
vte2.91	no-dsa		bookworm	package
vte2.91	no-dsa		bullseye	package
vte2.91	postponed		buster	package

Примечания

https://gitlab.gnome.org/GNOME/vte/-/issues/2786
https://www.openwall.com/lists/oss-security/2024/06/09/1
https://gitlab.gnome.org/GNOME/vte/-/commit/fd5511f24b7269195a7083f409244e9787c705dc (master)
https://gitlab.gnome.org/GNOME/vte/-/commit/1803ba866053a3d7840892b9d31fe2944a183eda (master)
https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2 (0.76.3)
https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39 (0.76.3)
The legacy src:vte is only used in d-i without security implications

EPSS

Процентиль: 22%

0.00069

Низкий

Связанные уязвимости

CVE-2024-37535

CVSS3: 4.4

ubuntu

около 1 года назад

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.

CVE-2024-37535

CVSS3: 5.5

redhat

около 1 года назад

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.

CVE-2024-37535

CVSS3: 4.4

nvd

около 1 года назад

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.

CVE-2024-37535

CVSS3: 4.4

msrc

9 месяцев назад

Описание отсутствует

SUSE-SU-2024:2180-1

suse-cvrf

около 1 года назад

Security update for vte

EPSS

Процентиль: 22%

0.00069

Низкий