CVE-2011-2198 — Improper Input Validation in Gnome-terminal

CWE-20 — Improper Input Validation CWE-3997 documents6 sources

Severity

3.5LOWNVD

EPSS

0.8%

top 25.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nalin Dahyabhai VTE Debian VTE Gnome Gnome-terminal +2 more

Timeline

PublishedMay 21

Latest updateMay 14

Description

The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages5 packages

▶NVDgnome/gnome-terminal0.28.0

▶debiandebian/vte< vte 1:0.28.1-1 (bookworm)

▶Debiannalin_dahyabhai/vte< 1:0.28.1-1+3

▶NVDoracle/solaris11.2

▶NVDopensuse/opensuse11.4, 12.1+1

Patches

Patch: bugzilla.gnome.org ↗Patch: git.gnome.org ↗Patch: bugzilla.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-h28x-j69c-gvmr: The "insert-blank-characters" capability in caps↗2022-05-14

▶

OSV

CVE-2011-2198: The "insert-blank-characters" capability in caps↗2014-05-21

▶

📋Vendor Advisories

Red Hat

vte: Excessive memory and CPU use by processing certain character sequences↗2011-06-08

▶

Debian

CVE-2011-2198: vte - The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) befor...↗2011

▶

💬Community

Bugzilla

CVE-2011-2198 vte: Excessive memory and CPU use by processing certain character sequences↗2011-06-09

▶

Bugzilla

CVE-2011-1400 tetex, texlive: shell_escape_commands insufficient input sanitization (ACE)↗2011-03-30

▶