CVE-2024-37535
Published 2024-06-09
Priority P4 · 14 · medium · 4.4 · CVSS 3.1
AV:L / AC:L / PR:H / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.24% (14.7th percentile)
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vte | < vte2.91 0.76.3-6 (forky) | vte2.91 0.76.3-6 (forky) |
| debian | vte2.91 | < vte2.91 0.76.3-6 (forky) | vte2.91 0.76.3-6 (forky) |
| msrc | azl3_vte291_0.74.2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_vte291_0.74.2-7_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_vte291_0.66.2-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_vte291_0.66.2-4_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
nvd · v3.1 · 4.4 · MEDIUM · CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
osv · 5.0 · MEDIUM
vendor_debian · 5.0 · LOW
vendor_redhat · 5.0 · MEDIUM
vendor_msrc · 4.4 · MEDIUM
OSV
CVE-2024-37535: GNOME VTE before 0
osv·2024-06-09·CVSS 5.0
CVE-2024-37535 [MEDIUM] CVE-2024-37535: GNOME VTE before 0
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
GHSA
GHSA-wrc7-97qh-j6mh: GNOME VTE before 0
ghsa_unreviewed·2024-06-09·CVSS 5.0
CVE-2024-37535 [MEDIUM] CWE-400 GHSA-wrc7-97qh-j6mh: GNOME VTE before 0
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
Ubuntu
VTE vulnerability
vendor_ubuntu·2024-06-13
CVE-2024-37535 VTE vulnerability
Title: VTE vulnerability
Summary: VTE could be made to consume resources and crash if it displayed specially
crafted data.
Siddharth Dushantha discovered that VTE incorrectly handled large window
resize escape sequences. An attacker could possibly use this issue to
consume resources, leading to a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
vendor_msrc·2024-06-11·CVSS 4.4
CVE-2024-37535 [MEDIUM] CWE-400 GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Marine
Red Hat
vte: Denial of service via window resize escape sequence
vendor_redhat·2024-06-09·CVSS 5.0
CVE-2024-37535 [MEDIUM] CWE-400 vte: Denial of service via window resize escape sequence
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
A flaw was found in GNOME VTE. This flaw allows an attacker to cause a denial of service via a window resize escape sequence.
Package: vte291 (Red Hat Enterprise Linux 10) - Not affected
Package: vte (Red Hat Enterprise Linux 6) - Out of support scope
Package: vte291 (Red Hat Enterprise Linux 7) - Out of support scope
Package: vte3 (Red Hat Enterprise Linux 7) - Out of support scope
Package: vte291 (Red Hat Enterprise Linux 8) - Fix deferred
Package: vte291 (Red Hat Enterprise Linux 9) - Fix deferred
Debian
CVE-2024-37535: vte - GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory ...
vendor_debian·2024·CVSS 5.0
CVE-2024-37535 [MEDIUM] CVE-2024-37535: vte - GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory ...
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2024/06/09/1
http://www.openwall.com/lists/oss-security/2024/06/09/2
https://gitlab.gnome.org/GNOME/vte/-/issues/2786
https://gitlab.gnome.org/GNOME/vte/-/tags/0.76.3
2024-06-09
Published