← Back

CVE-2010-2713

nvd nist
Published: Aug 5, 2010Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.

Affected (10)

Products: Nalin Dahyabhai: Vte
Nalin Dahyabhai
1 product
Vte
Configuration A
10 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nalin Dahyabhai
Vte
Up to 0.25.1
Vte
Version 0.11.21
Vte
Version 0.12.2
Vte
Version 0.14.2
Vte
Version 0.15.0
Vte
Version 0.16.14
Vte
Version 0.17.4
Vte
Version 0.20.5
Vte
Version 0.22.5
Vte
Version 0.24.3
Running on/withPlatform Versions
Gnome
Gnome Terminal
All versions

References (14)

Source: security@ubuntu.com
ExploitPatch
Source: security@ubuntu.com
Source: security@ubuntu.com
Vendor Advisory
Source: security@ubuntu.com
Source: security@ubuntu.com
Source: security@ubuntu.com
Vendor Advisory
Source: security@ubuntu.com
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.