CVE-2021-27135

Опубликовано: 10 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

Ссылки

http://seclists.org/fulldisclosure/2021/May/52
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/02/10/7
Mailing List
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-27135
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1927559
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1182091
Issue Tracking
https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
Patch
Third Party Advisory
https://invisible-island.net/xterm/xterm.log.html
Release Notes
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00019.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35LK2ZXEIJUOGOA7FV2TJL3L6LFJ4X5S/
https://news.ycombinator.com/item?id=26524650
Issue Tracking
Third Party Advisory
https://security.gentoo.org/glsa/202208-22
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/02/09/7
Mailing List
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/02/09/9
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/May/52
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/02/10/7
Mailing List
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-27135
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1927559
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1182091
Issue Tracking
https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
Patch
Third Party Advisory
https://invisible-island.net/xterm/xterm.log.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:invisible-island:xterm:*:*:*:*:*:*:*:*

Версия до 366 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00631

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-27135

CVSS3: 9.8

ubuntu

больше 4 лет назад

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

CVE-2021-27135

CVSS3: 9.6

redhat

больше 4 лет назад

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

CVE-2021-27135

CVSS3: 9.8

msrc

больше 3 лет назад

Описание отсутствует

CVE-2021-27135

CVSS3: 9.8

debian

больше 4 лет назад

xterm before Patch #366 allows remote attackers to execute arbitrary c ...

openSUSE-SU-2021:2011-1

suse-cvrf

почти 4 года назад

Security update for xterm

EPSS

Процентиль: 69%

0.00631

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo