CVE-2011-2198

Published: May 21, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".

Affected (4)

Products: Gnome: Gnome Terminal · Opensuse: Opensuse · Oracle: Solaris

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Gnome Terminal	Up to 0.28.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Opensuse Opensuse	Version 12.1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2011/06/09/3

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2011/06/13/10

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: secalert@redhat.com

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.gnome.org/show_bug.cgi?id=652124

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=712148

Source: secalert@redhat.com

Issue TrackingThird Party AdvisoryVDB Entry

https://git.gnome.org/browse/vte/commit/?h=vte-0-28&id=ac71d26f067be3a21bff315c3cabf24c94360dd6

Source: secalert@redhat.com

ExploitPatch

http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2011/06/09/3

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2011/06/13/10

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.gnome.org/show_bug.cgi?id=652124

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=712148

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

https://git.gnome.org/browse/vte/commit/?h=vte-0-28&id=ac71d26f067be3a21bff315c3cabf24c94360dd6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.