rpm package
opensuse/xterm&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/xterm&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40359 | — | | | < 384-2.1 | 384-2.1 | Aug 14, 2023 | xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain ex |
| CVE-2022-45063 | Cri | 9.8 | | < 375-2.1 | 375-2.1 | Nov 10, 2022 | xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. |
| CVE-2021-27135 | — | | | < 368-2.2 | 368-2.2 | Feb 10, 2021 | xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. |
| CVE-2008-2383 | — | | | < 368-2.2 | 368-2.2 | Jan 2, 2009 | CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CV |