Lucene search

Gentoo FoundationMGASA-2022-0051

HistoryFeb 05, 2022 - 11:23 p.m.

Updated xterm packages fix security vulnerability

2022-02-0523:23:13

Gentoo Foundation

advisories.mageia.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

34.6%

JSON

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. (CVE-2022-24130)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchxterm< 363-1.2xterm-363-1.2.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	xterm	< 363-1.2	xterm-363-1.2.mga8

References

bugs.mageia.org/show_bug.cgi?id=29975

www.openwall.com/lists/oss-security/2022/01/31/1

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

34.6%

JSON

Related for MGASA-2022-0051