1. CVE-Search
  2. CVE-2012-2385
ID CVE-2012-2385
Summary The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
References
Vulnerable Configurations
  • cpe:2.3:a:keith_winstein:mosh:0.98c:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:0.98c:*:*:*:*:*:*:*
  • cpe:2.3:a:keith_winstein:mosh:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:keith_winstein:mosh:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keith_winstein:mosh:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keith_winstein:mosh:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:keith_winstein:mosh:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keith_winstein:mosh:1.1.3-1:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:1.1.3-1:*:*:*:*:*:*:*
  • cpe:2.3:a:keith_winstein:mosh:1.1.3-2:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:1.1.3-2:*:*:*:*:*:*:*
  • cpe:2.3:a:keith_winstein:mosh:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:keith_winstein:mosh:*:*:*:*:*:*:*:*
    cpe:2.3:a:keith_winstein:mosh:*:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
refmap via4
bid 53646
confirm
fedora
  • FEDORA-2012-9414
  • FEDORA-2012-9422
  • FEDORA-2012-9442
misc https://bugzilla.redhat.com/show_bug.cgi?id=823943
mlist [oss-security] 20120522 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
secunia 49260
xf mosh-sequences-dos(75779)
Last major update 29-08-2017 - 01:31
Published 29-06-2012 - 19:55
Last modified 29-08-2017 - 01:31
Back to Top