CVE-2003-0022

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

rxvt

arbitrary file overwrite

screen dump

security vulnerability

cve-2003-0022

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

The “screen dump” feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user’s terminal, e.g. when the user views a file containing the malicious sequence.

Affected configurations

NVD

Node

rxvtrxvtMatch2.6.1

rxvtrxvtMatch2.6.2

rxvtrxvtMatch2.6.3

rxvtrxvtMatch2.6.4

rxvtrxvtMatch2.7.5

rxvtrxvtMatch2.7.6

rxvtrxvtMatch2.7.7

rxvtrxvtMatch2.7.8

CPENameOperatorVersion
rxvt:rxvtrxvteq2.6.1
rxvt:rxvtrxvteq2.6.2
rxvt:rxvtrxvteq2.6.3
rxvt:rxvtrxvteq2.6.4
rxvt:rxvtrxvteq2.7.5
rxvt:rxvtrxvteq2.7.6
rxvt:rxvtrxvteq2.7.7
rxvt:rxvtrxvteq2.7.8

CPE	Name	Operator	Version
rxvt:rxvt	rxvt	eq	2.6.1
rxvt:rxvt	rxvt	eq	2.6.2
rxvt:rxvt	rxvt	eq	2.6.3
rxvt:rxvt	rxvt	eq	2.6.4
rxvt:rxvt	rxvt	eq	2.7.5
rxvt:rxvt	rxvt	eq	2.7.6
rxvt:rxvt	rxvt	eq	2.7.7
rxvt:rxvt	rxvt	eq	2.7.8