VYPR
← All advisories
Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026

CVE-2005-0764

CVE-2005-0764

Description

Buffer overflow in rxvt-unicode before 5.3 allows arbitrary code execution via a crafted file containing long escape sequences.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in rxvt-unicode before 5.3 allows arbitrary code execution via a crafted file containing long escape sequences.

Vulnerability

A buffer overflow exists in the command.C file of rxvt-unicode versions 4.8 and higher, prior to 5.3. The flaw occurs when processing escape sequences, such as ^[P, followed by a long text string. The code fails to properly validate the input length, allowing an attacker to overwrite allocated stack space beyond the intended buffer [1][2].

Exploitation

An attacker must deliver a crafted file containing a long escape sequence to a user who then displays the file in rxvt-unicode (e.g., by running cat evil_file). No authentication or special privileges are required; user interaction is necessary. The overflow can be triggered with a simple Perl command: perl -e 'print "^[P" . ("x" x 5000)' > /tmp/evil_file [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code with the same privileges as the user running rxvt-unicode. This can lead to full compromise of the user's session, including data disclosure, modification, or further escalation [2].

Mitigation

The vulnerability is fixed in rxvt-unicode version 5.3, released shortly after the disclosure. Users should upgrade to version 5.3 or later. The official patch adjusts the length check in command.C to prevent the overflow [1][2]. There is no known workaround for unpatched versions.

References
  1. 84680 – x11-terms/rxvt-unicode buffer overflow (CAN-2005-0764)
  2. Buffer overflow (GLSA 200503-23) — Gentoo security

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

20
  • Marc Lehmann/Rxvt Unicode19 versions
    cpe:2.3:a:marc_lehmann:rxvt-unicode:3.4:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_lehmann:rxvt-unicode:5.2:*:*:*:*:*:*:*
  • Rxvt Unicode/Rxvt Unicodellm-fuzzy
    Range: <5.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.