Lucene search

K
mageiaGentoo FoundationMGASA-2024-0219
HistoryJun 14, 2024 - 8:30 p.m.

Updated vte packages fix security vulnerability

2024-06-1420:30:25
Gentoo Foundation
advisories.mageia.org
7
gnome
vte
security vulnerability
denial of service
memory consumption
window resize
cve-2000-0476
cve-2024-37535
unix

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. (CVE-2024-37535)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchvte< 0.72.1-1.1vte-0.72.1-1.1.mga9

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%