CVE-2008-2383
published 2009-01-02

Priority: P347, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 4.97% (91.1th percentile)

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xterm | < xterm 238-2 (bookworm) | xterm 238-2 (bookworm) |
| github.com | migueldeicaza_swiftterm | >= 0 < 1.2.0 | 1.2.0 |
| invisible-island | xterm | | |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |

CVSS provenance

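| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| ghsa | | 7.3 | HIGH | |
| osv | | 7.3 | HIGH | |
| vendor_ubuntu | | 9.3 | CRITICAL | |
| vendor_debian | | 7.3 | MEDIUM | |
| vendor_redhat | | 7.3 | HIGH | |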