Description
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Kevin Fenzi · textdoslinux
https://www.exploit-db.com/exploits/37477
References (10)
Core 10
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html
Issue Tracking x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=676090
Various Sources x_refsource_confirm
http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.changes
Various Sources x_refsource_confirm
http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/54281
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/15/11
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/23/6
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html
Scores
EPSS
0.1804
EPSS Percentile
95.2%
Details
CWE
CWE-119
Status
published
Products (50)
nalin_dahyabhai/vte
0.9.0
nalin_dahyabhai/vte
0.9.2
nalin_dahyabhai/vte
0.10
nalin_dahyabhai/vte
0.10.1
nalin_dahyabhai/vte
0.10.2
nalin_dahyabhai/vte
0.10.3
nalin_dahyabhai/vte
0.10.4
nalin_dahyabhai/vte
0.10.5
nalin_dahyabhai/vte
0.10.6
nalin_dahyabhai/vte
0.10.7
... and 40 more
Published
Jul 22, 2012
Tracked Since
Feb 18, 2026