CVE-2008-2383: Code Injection in Xterm

CWE-94 Code Injection | 12 documents | 9 sources
Severity
9.3 CRITICAL NVD
CNA 7.3 | GHSA 7.3 | OSV 7.3
EPSS
1.8% (top 17.34%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 2
Latest update: Jul 14

Description

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 3 packages

🔴 Vulnerability Details (5)

GHSA: SwiftTerm Code Injection vulnerability (2023-07-14)
OSV: SwiftTerm Code Injection vulnerability (2023-07-14)
GHSA: GHSA-94vw-2f3v-j88m: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na (2022-05-01)
OSV: CVE-2008-2383: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na (2009-01-02)
CVEList: CVE-2008-2383: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na (2009-01-02)

📋 Vendor Advisories (3)

Ubuntu: xterm vulnerabilities (2009-01-06)
Red Hat: xterm: arbitrary command injection (2008-12-29)
Debian: CVE-2008-2383: xterm - CRLF injection vulnerability in xterm allows user-assisted attackers to execute ... (2008)

💬 Community (3)

Bugzilla: CVE-2009-4487 nginx: Absent sanitation of escape sequences in web server log (2010-02-08)
Bugzilla: CVE-2008-2383 xterm: arbitrary command injection (2009-01-06)
Bugzilla: CVE-2008-2383 xterm: arbitrary command injection (2009-01-05)