CVE-2021-28848
HIGHmintty < 3.4.5 - Denial of Service via Repeated Window Title Changes
Title source: llmDescription
Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://mintty.github.io/
Patch, Third Party Advisory x_refsource_confirm
https://github.com/mintty/mintty/commit/bd52109993440b6996760aaccb66e68e782762b9
Patch, Third Party Advisory x_refsource_confirm
https://github.com/mintty/mintty/compare/3.4.4...3.4.5
Scores
CVSS v3
7.5
EPSS
0.0164
EPSS Percentile
73.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (1)
mintty_project/mintty
< 3.4.5
Published
Jun 03, 2021
Tracked Since
Feb 18, 2026