CVE-2000-0476
published 2000-06-01CVE-2000-0476: xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
PriorityP414medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
2.53%
82.9th percentile
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vte | < vte2.91 0.76.3-6 (forky) | vte2.91 0.76.3-6 (forky) |
| debian | vte2.91 | < vte2.91 0.76.3-6 (forky) | vte2.91 0.76.3-6 (forky) |
| michael_jennings | eterm | — | — |
| msrc | azl3_vte291_0.74.2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_vte291_0.74.2-7_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_vte291_0.66.2-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_vte291_0.66.2-4_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| putty | putty | — | — |
| rxvt | rxvt | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
vendor_msrc4.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2024-37535: GNOME VTE before 0
osv·2024-06-09·CVSS 5.0
CVE-2024-37535 [MEDIUM] CVE-2024-37535: GNOME VTE before 0
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
GHSA
GHSA-wrc7-97qh-j6mh: GNOME VTE before 0
ghsa_unreviewed·2024-06-09·CVSS 5.0
CVE-2024-37535 [MEDIUM] CWE-400 GHSA-wrc7-97qh-j6mh: GNOME VTE before 0
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
GHSA
GHSA-v649-2qq3-7mg9: xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized
ghsa_unreviewed·2022-04-30
CVE-2000-0476 [MEDIUM] GHSA-v649-2qq3-7mg9: xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
Microsoft
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476.
vendor_msrc·2024-06-11·CVSS 4.4
CVE-2024-37535 [MEDIUM] CWE-400 GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476.
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Marine
Red Hat
vte: Denial of service via window resize escape sequence
vendor_redhat·2024-06-09·CVSS 5.0
CVE-2024-37535 [MEDIUM] CWE-400 vte: Denial of service via window resize escape sequence
vte: Denial of service via window resize escape sequence
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
A flaw was found in gnome VTE. This flaw allows an attacker to cause a denial of service via a window resize escape sequence.
Package: vte291 (Red Hat Enterprise Linux 10) - Not affected
Package: vte (Red Hat Enterprise Linux 6) - Out of support scope
Package: vte291 (Red Hat Enterprise Linux 7) - Out of support scope
Package: vte3 (Red Hat Enterprise Linux 7) - Out of support scope
Package: vte291 (Red Hat Enterprise Linux 8) - Fix deferred
Package: vte291 (Red Hat Enterprise Linux 9) - Fix deferred
Debian
CVE-2024-37535: vte - GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory ...
vendor_debian·2024·CVSS 5.0
CVE-2024-37535 [MEDIUM] CVE-2024-37535: vte - GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory ...
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
Exploit-DB
Winamp 5.12 - '.pls' Remote Buffer Overflow (Perl) (2)
exploitdb·2007-03-07
CVE-2006-0476 Winamp 5.12 - '.pls' Remote Buffer Overflow (Perl) (2)
Winamp 5.12 - '.pls' Remote Buffer Overflow (Perl) (2)
---
#!/usr/bin/perl -w
# ===============================================================================================
# Winamp 5.12 Playlist UNC Path Computer Name Overflow Perl Exploit
# By Umesh Wanve ([email protected])
# ===========================================================================================================================
# Credits : ATmaCA is credited with the discovery of this vulnerability.
#
# Date : 07-03-2007
#
# Tested on Windows 2000 SP4 Server English
# Windows 2000 SP4 Professional English
#
# You can replace shellcode with your favourite one :)
#
#
# Buffer = "\x90 x 1023" + EIP
#
# Desc: you cant put shellcode after EIP. No more space after this. The winamp simply crashes. When you debug it,
Exploit-DB
Eterm 0.8.10 / rxvt 2.6.1 / PuTTY 0.48 / X11R6 3.3.3/4.0 - Denial of Service
exploitdb·2000-05-31
CVE-2000-0476 Eterm 0.8.10 / rxvt 2.6.1 / PuTTY 0.48 / X11R6 3.3.3/4.0 - Denial of Service
Eterm 0.8.10 / rxvt 2.6.1 / PuTTY 0.48 / X11R6 3.3.3/4.0 - Denial of Service
---
// source: https://www.securityfocus.com/bid/1298/info
xterm is a popular X11-based terminal emulator. If VT control-characters are displayed in the xterm, they can be interpreted and used to cause a denial of service attack against the client (and even the host running the client). What makes it possible for remote users to exploit this vulnerability is a situation like this:
An admin is tailing the http access log
Attacker requests url with control characters in it
Admin's xterm crashes
This vulnerability also affects applications (such as other terminal emulators) derived from xterm code.
/*
*
* xterm Denial of Service Attack
* (C) 2000 Kit Knox - 5/31/2000
*
* Tested against: xterm (XFree86 3.3.3.1
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-05/0420.htmlhttp://www.openwall.com/lists/oss-security/2024/06/09/1http://www.openwall.com/lists/oss-security/2024/06/09/2http://www.securityfocus.com/bid/1298http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-05/0420.htmlhttp://www.openwall.com/lists/oss-security/2024/06/09/1http://www.openwall.com/lists/oss-security/2024/06/09/2http://www.securityfocus.com/bid/1298
2000-06-01
Published