Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2738Improper Restriction of Operations within the Bounds of a Memory Buffer in VTE

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
4.0MEDIUMNVD
EPSS
18.0%
top 4.82%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Nalin Dahyabhai VTEDebian VTE
Timeline
PublishedJul 22
Latest updateMay 17

Description

The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/vte< vte 1:0.28.2-5 (bookworm)
Debiannalin_dahyabhai/vte< 1:0.28.2-5+3
NVDnalin_dahyabhai/vte0.32.1+146

🔴Vulnerability Details

2
GHSA
GHSA-55r6-7773-xfwg: The VteTerminal in gnome-terminal (vte) before 02022-05-17
OSV
CVE-2012-2738: The VteTerminal in gnome-terminal (vte) before 02012-07-22

💥Exploits & PoCs

1
Exploit-DB
gnome-terminal (vte) VteTerminal - Escape Sequence Parsing Remote Denial of Service2012-07-03

📋Vendor Advisories

2
Red Hat
vte: DoS (long loop) via escape sequences with large repeat counts2012-05-15
Debian
CVE-2012-2738: vte - The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticate...2012

💬Community

1
Bugzilla
CVE-2012-2738 vte: DoS (long loop) via escape sequences with large repeat counts2012-06-15