CVE-2023-40359 — Xterm vulnerability

7 documents7 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 68.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Invisible-island Xterm

Timeline

PublishedAug 14

Description

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDinvisible-island/xterm< 380

▶Debianinvisible-island/xterm< 382-2+1

🔴Vulnerability Details

OSV

CVE-2023-40359: xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i↗2023-08-14

▶

GHSA

GHSA-cwvr-vg72-6p6j: xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i↗2023-08-14

▶

CVEList

CVE-2023-40359: xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i↗2023-08-14

▶

📋Vendor Advisories

Red Hat

xterm: ReGIS reporting for character-set names containing characters other than alphanumerics or underscore.↗2023-08-14

▶

Microsoft

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e. neither alphanumeric nor underscore) aka a pointer/overflow issue. This can only occur f↗2023-08-08

▶

Debian

CVE-2023-40359: xterm - xterm before 380 supports ReGIS reporting for character-set names even if they h...↗2023

▶