CVE-2011-2198
Published: 21 May 2014
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
Notes
Author | Note |
---|---|
jdstrand | user-assisted denial of service (memory exhaustion) |
Priority
Status
Package | Release | Status |
---|---|---|
vte Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Not vulnerable
(1:0.28.2-0ubuntu2)
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
upstream |
Released
(1:0.28.1-1)
|
|
Patches: upstream: http://git.gnome.org/browse/vte/commit/?h=vte-0-28&id=ac71d26f067be3a21bff315c3cabf24c94360dd6 |