Back to search
CVE-2010-2713
Published: Aug 5, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-962-1
vendor-advisory
x_refsource_UBUNTU
ADV-2010-1839
vdb-entry
x_refsource_VUPEN
41716
vdb-entry
x_refsource_BID
SUSE-SR:2010:014
vendor-advisory
x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=613110
x_refsource_CONFIRM
40635
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now