CVE-2024-37535 — Uncontrolled Resource Consumption in VTE

CWE-400 — Uncontrolled Resource Consumption7 documents7 sources

Severity

4.4MEDIUMNVD

OSV5.0

EPSS

0.0%

top 96.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian VTE Debian Vte2.91 Msrc Azl3 Vte291 0.74.2-6 ON Azure Linux 3.0 +7 more

Timeline

PublishedJun 9

Latest updateJun 13

Description

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages10 packages

▶debiandebian/vte< vte2.91 0.76.3-6 (forky)

▶debiandebian/vte2.91< vte2.91 0.76.3-6 (forky)

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

▶msrcmsrc/cbl_mariner_2.0_arm

🔴Vulnerability Details

OSV

CVE-2024-37535: GNOME VTE before 0↗2024-06-09

▶

GHSA

GHSA-wrc7-97qh-j6mh: GNOME VTE before 0↗2024-06-09

▶

📋Vendor Advisories

Ubuntu

VTE vulnerability↗2024-06-13

▶

Microsoft

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476.↗2024-06-11

▶

Red Hat

vte: Denial of service via window resize escape sequence↗2024-06-09

▶

Debian

CVE-2024-37535: vte - GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory ...↗2024

▶