CVE-2012-2738
published 2012-07-22CVE-2012-2738: The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an…
PriorityP420medium4CVSS 2.0
AVNACLAuSCNINAP
EXPLOIT
EPSS
11.15%
95.4th percentile
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
Affected
152 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vte | < vte 1:0.28.2-5 (bookworm) | vte 1:0.28.2-5 (bookworm) |
| nalin_dahyabhai | vte | <= 0.32.1 | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
| nalin_dahyabhai | vte | — | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv4.0MEDIUM
vendor_debian4.0MEDIUM
vendor_redhat4.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-55r6-7773-xfwg: The VteTerminal in gnome-terminal (vte) before 0
ghsa_unreviewed·2022-05-17
CVE-2012-2738 [MEDIUM] CWE-119 GHSA-55r6-7773-xfwg: The VteTerminal in gnome-terminal (vte) before 0
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
OSV
CVE-2012-2738: The VteTerminal in gnome-terminal (vte) before 0
osv·2012-07-22·CVSS 4.0
CVE-2012-2738 [MEDIUM] CVE-2012-2738: The VteTerminal in gnome-terminal (vte) before 0
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
Red Hat
vte: DoS (long loop) via escape sequences with large repeat counts
vendor_redhat·2012-05-15·CVSS 4.0
CVE-2012-2738 [MEDIUM] vte: DoS (long loop) via escape sequences with large repeat counts
vte: DoS (long loop) via escape sequences with large repeat counts
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
Package: vte (Red Hat Enterprise Linux 5) - Will not fix
Package: vte (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2012-2738: vte - The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticate...
vendor_debian·2012·CVSS 4.0
CVE-2012-2738 [MEDIUM] CVE-2012-2738: vte - The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticate...
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
Scope: local
bookworm: resolved (fixed in 1:0.28.2-5)
bullseye: resolved (fixed in 1:0.28.2-5)
forky: resolved (fixed in 1:0.28.2-5)
sid: resolved (fixed in 1:0.28.2-5)
trixie: resolved (fixed in 1:0.28.2-5)
No detection rules found.
http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.changeshttp://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.newshttp://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.htmlhttp://lists.opensuse.org/opensuse-updates/2012-08/msg00001.htmlhttp://www.openwall.com/lists/oss-security/2012/05/23/6http://www.openwall.com/lists/oss-security/2012/06/15/11http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttp://www.securityfocus.com/bid/54281https://bugzilla.gnome.org/show_bug.cgi?id=676090http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.changeshttp://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.newshttp://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.htmlhttp://lists.opensuse.org/opensuse-updates/2012-08/msg00001.htmlhttp://www.openwall.com/lists/oss-security/2012/05/23/6http://www.openwall.com/lists/oss-security/2012/06/15/11http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttp://www.securityfocus.com/bid/54281https://bugzilla.gnome.org/show_bug.cgi?id=676090
2012-07-22
Published