CVE-2003-0071
Published: 2003-03-03
Priority: P47
CVSS 2.0: 2.1 (low), AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.45% (36.0th percentile)
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xterm | < xterm 238-2 (bookworm) | xterm 238-2 (bookworm) |
| invisible-island | xterm | — | — |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
CVSS provenance
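| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.3 | HIGH | — |
| vendor_debian | — | 7.3 | MEDIUM | — |
| vendor_redhat | — | 7.3 | HIGH | — |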
GHSA
GHSA-94vw-2f3v-j88m: CVE-2008-2383 [HIGH] CWE-94
ghsa_unreviewed · 2022-05-01 · CVSS 7.3
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
GHSA
GHSA-xv76-8jhj-2c53: CVE-2003-0071 [LOW]
ghsa_unreviewed · 2022-04-29
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
OSV
CVE-2008-2383 [HIGH]
osv · 2009-01-02 · CVSS 7.3
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Red Hat
CVE-2008-2383 [HIGH] xterm: arbitrary command injection
vendor_redhat · 2008-12-29 · CVSS 7.3
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Debian
CVE-2008-2383 [HIGH] xterm
vendor_debian · 2008 · CVSS 7.3
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Scope: local
bookworm: resolved (fixed in 238-2)
bullseye: resolved (fixed in 238-2)
forky: resolved (fixed in 238-2)
sid: resolved (fixed in 238-2)
trixie: resolved (fixed in 238-2)
Red Hat
CVE-2003-0071 [LOW] security flaw
vendor_redhat · 2003-02-24 · CVSS 2.1
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2003-0071 [LOW] security flaw
bugzilla · 2018-08-16 · CVSS 2.1
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
Bugzilla
CVE-2008-2383 [HIGH] xterm: arbitrary command injection
bugzilla · 2009-01-05 · CVSS 7.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2383 to the following vulnerability:
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
This issue affects xterm as shipped with Red Hat Enterprise Linux 3, 4, and 5.
Discussion:
Created attachment 328245
Patch extracted from upstream
---
The version of xterm as shipped in Red Hat Enterprise Linux 2.1 is not affected by this issue.
The reason is that in the older xterm version control characters such as \n characters were not al
References
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
http://marc.info/?l=bugtraq&m=104612710031920&w=2
http://www.debian.org/security/2003/dsa-380
http://www.iss.net/security_center/static/11415.php
http://www.redhat.com/support/errata/RHSA-2003-064.html
http://www.redhat.com/support/errata/RHSA-2003-065.html
http://www.redhat.com/support/errata/RHSA-2003-066.html
http://www.redhat.com/support/errata/RHSA-2003-067.html
http://www.securityfocus.com/bid/6950