[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256288

 
 

909

 
 

199146

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-2198Date: (C)2014-05-21   (M)2023-12-22


The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "33[100000000000000000@".

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://www.openwall.com/lists/oss-security/2011/06/09/3
http://www.openwall.com/lists/oss-security/2011/06/13/10
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688
https://bugzilla.gnome.org/show_bug.cgi?id=652124
https://bugzilla.redhat.com/show_bug.cgi?id=712148
https://git.gnome.org/browse/vte/commit/?h=vte-0-28&id=ac71d26f067be3a21bff315c3cabf24c94360dd6
openSUSE-SU-2012:0931

CPE    4
cpe:/o:opensuse:opensuse:12.1
cpe:/o:opensuse:opensuse:11.4
cpe:/o:oracle:solaris:11.2
cpe:/a:gnome:gnome-terminal
...
CWE    1
CWE-20
OVAL    2
oval:org.secpod.oval:def:102837
oval:org.secpod.oval:def:102928

© SecPod Technologies