CVE-2011-2198
published 2014-05-21CVE-2011-2198: The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU…
PriorityP412low3.5CVSS 2.0
AVNACMAuSCNINAP
EPSS
2.16%
79.9th percentile
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vte | < vte 1:0.28.1-1 (bookworm) | vte 1:0.28.1-1 (bookworm) |
| gnome | gnome-terminal | <= 0.28.0 | — |
| nalin_dahyabhai | vte | >= 0 < 1:0.28.1-1 | 1:0.28.1-1 |
| nalin_dahyabhai | vte | >= 0 < 1:0.28.1-1 | 1:0.28.1-1 |
| nalin_dahyabhai | vte | >= 0 < 1:0.28.1-1 | 1:0.28.1-1 |
| nalin_dahyabhai | vte | >= 0 < 1:0.28.1-1 | 1:0.28.1-1 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| oracle | solaris | — | — |
CVSS provenance
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:N/A:P
osv3.5LOW
vendor_debian3.5LOW
vendor_redhat3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
vte: Excessive memory and CPU use by processing certain character sequences
vendor_redhat·2011-06-08·CVSS 3.5
CVE-2011-2198 [LOW] vte: Excessive memory and CPU use by processing certain character sequences
vte: Excessive memory and CPU use by processing certain character sequences
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
Package: vte (Red Hat Enterprise Linux 4) - Will not fix
Package: vte (Red Hat Enterprise Linux 5) - Will not fix
Package: vte (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2011-2198: vte - The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) befor...
vendor_debian·2011·CVSS 3.5
CVE-2011-2198 [LOW] CVE-2011-2198: vte - The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) befor...
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
Scope: local
bookworm: resolved (fixed in 1:0.28.1-1)
bullseye: resolved (fixed in 1:0.28.1-1)
forky: resolved (fixed in 1:0.28.1-1)
sid: resolved (fixed in 1:0.28.1-1)
trixie: resolved (fixed in 1:0.28.1-1)
GHSA
GHSA-h28x-j69c-gvmr: The "insert-blank-characters" capability in caps
ghsa_unreviewed·2022-05-14
CVE-2011-2198 [LOW] CWE-20 GHSA-h28x-j69c-gvmr: The "insert-blank-characters" capability in caps
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
OSV
CVE-2011-2198: The "insert-blank-characters" capability in caps
osv·2014-05-21·CVSS 3.5
CVE-2011-2198 [LOW] CVE-2011-2198: The "insert-blank-characters" capability in caps
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2198 vte: Excessive memory and CPU use by processing certain character sequences
bugzilla·2011-06-09·CVSS 3.5
CVE-2011-2198 [LOW] CVE-2011-2198 vte: Excessive memory and CPU use by processing certain character sequences
CVE-2011-2198 vte: Excessive memory and CPU use by processing certain character sequences
An memory exhaustion flaw was found in the way VTE, a terminal emulator
widget, processed certain character sequences. A remote attacker could
provide a specially-crafted file, which once opened in a terminal using
the VTE terminal emulator could lead to excessive memory and CPU consumption.
References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688
[2] https://bugzilla.gnome.org/show_bug.cgi?id=652124
Discussion:
This issue affects the versions of the vte package, as shipped with
Red Hat Enterprise Linux 4, 5, and 6.
--
This issue affects the versions of the vte package, as shipped with
Fedora release of 13, 14, and 15. Please schedule an update (once final
upstream patch known).
Bugzilla
CVE-2011-1400 tetex, texlive: shell_escape_commands insufficient input sanitization (ACE)
bugzilla·2011-03-30·CVSS 6.8
CVE-2011-1400 [MEDIUM] CVE-2011-1400 tetex, texlive: shell_escape_commands insufficient input sanitization (ACE)
CVE-2011-1400 tetex, texlive: shell_escape_commands insufficient input sanitization (ACE)
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1400 to
the following vulnerability:
The default configuration of the shell_escape_commands directive in
conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in
Debian GNU/Linux squeeze lists certain programs, which might allow
remote attackers to execute arbitrary code via a crafted TeX document.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1400
[2] http://svn.debian.org/wsvn/debian-tex/?op=comp&compare[]=%2Ftex-common%2Ftrunk@4781&compare[]=%2Ftex-common%2Ftrunk@4812
[3] http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log
[4] http://www.debian.org/security/2011/dsa-2198
[5] http
http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.htmlhttp://www.openwall.com/lists/oss-security/2011/06/09/3http://www.openwall.com/lists/oss-security/2011/06/13/10http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688https://bugzilla.gnome.org/show_bug.cgi?id=652124https://bugzilla.redhat.com/show_bug.cgi?id=712148https://git.gnome.org/browse/vte/commit/?h=vte-0-28&id=ac71d26f067be3a21bff315c3cabf24c94360dd6http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.htmlhttp://www.openwall.com/lists/oss-security/2011/06/09/3http://www.openwall.com/lists/oss-security/2011/06/13/10http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688https://bugzilla.gnome.org/show_bug.cgi?id=652124https://bugzilla.redhat.com/show_bug.cgi?id=712148https://git.gnome.org/browse/vte/commit/?h=vte-0-28&id=ac71d26f067be3a21bff315c3cabf24c94360dd6
2014-05-21
Published