ID CVE-2011-2198
Summary The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
References
Vulnerable Configurations
  • GNOME gnome-terminal 0.28.0
    cpe:2.3:a:gnome:gnome-terminal:0.28.0
  • OpenSUSE 11.4
    cpe:2.3:o:opensuse:opensuse:11.4
  • OpenSUSE 12.1
    cpe:2.3:o:opensuse:opensuse:12.1
  • Oracle Solaris 11.2
    cpe:2.3:o:oracle:solaris:11.2
CVSS
Base: 3.5 (as of 21-11-2016 - 22:24)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: SINGLE_INSTANCE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-471.NASL
    description - Add vte-CVE-2011-2198.patch: fix memory exhaustion through malicious escape sequences. Fix bnc#699214, CVE-2011-2198 (openSUSE 11.4 only). - Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74696
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74696
    title openSUSE Security Update : vte/gnome-terminal (openSUSE-SU-2012:0931-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012). Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Packages: EGroupware, VTE, Layer Four Traceroute (LFT), Suhosin, Slock, Ganglia, Jabber to GaduGadu Gateway. Impact: A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 79963
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79963
    title GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012
refmap via4
confirm
mlist
  • [oss-security] 20110609 CVE Request -- vte -- Excessive memory and CPU use by processing certain character sequences
  • [oss-security] 20110613 CVE Request -- vte -- Excessive memory and CPU use by processing certain character sequences
suse openSUSE-SU-2012:0931
Last major update 22-11-2016 - 11:04
Published 21-05-2014 - 10:55
Last modified 30-10-2018 - 12:27