CVE-2024-37535
Published: 9 June 2024
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
Notes
Author | Note |
---|---|
alexmurray | PoC in oss-security reply |
Priority
Status
Package | Release | Status |
---|---|---|
vte2.91 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Released
(0.60.3-0ubuntu1~20.5)
|
|
jammy |
Released
(0.68.0-1ubuntu0.1)
|
|
mantic |
Released
(0.74.0-2ubuntu0.1)
|
|
noble |
Released
(0.76.0-1ubuntu0.1)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
Patches: upstream: https://gitlab.gnome.org/GNOME/vte/-/commit/1803ba866053a3d7840892b9d31fe2944a183eda upstream: https://gitlab.gnome.org/GNOME/vte/-/commit/fd5511f24b7269195a7083f409244e9787c705dc upstream: https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2 upstream: https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39 |