Lucene search

[email protected]CVE-2011-2198

HistoryMay 21, 2014 - 2:55 p.m.

CVE-2011-2198

2014-05-2114:55:05

CWE-20

CWE-399

[email protected]

web.nvd.nist.gov

cve-2011-2198

gnome-terminal

vte

denial of service

authenticated users

caps.c

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

5.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

The “insert-blank-characters” capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string “\033[100000000000000000@”.

Affected configurations

NVD

Node

gnomegnome-terminalRange≤0.28.0

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

Node

oraclesolarisMatch11.2

CPENameOperatorVersion
gnome:gnome-terminalgnome gnome-terminalle0.28.0

CPE	Name	Operator	Version
gnome:gnome-terminal	gnome gnome-terminal	le	0.28.0

References

lists.opensuse.org/opensuse-updates/2012-08/msg00001.html

www.openwall.com/lists/oss-security/2011/06/09/3

www.openwall.com/lists/oss-security/2011/06/13/10

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688

bugzilla.gnome.org/show_bug.cgi?id=652124

bugzilla.redhat.com/show_bug.cgi?id=712148

git.gnome.org/browse/vte/commit/?h=vte-0-28&id=ac71d26f067be3a21bff315c3cabf24c94360dd6

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

5.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2011-2198

prion1 nvd1 ubuntucve1 openvas5 nessus6 fedora2 debiancve1 cvelist1 gentoo1