9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
83.2%
Paul Szabo discovered that xterm, a terminal emulator for the X Window
System, places arbitrary characters into the input buffer when
displaying certain crafted escape sequences (CVE-2008-2383).
As an additional precaution, this security update also disables font
changing, user-defined keys, and X property changes through escape
sequences.
For the stable distribution (etch), this problem has been fixed in
version 222-1etch3.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your xterm package.
CPE | Name | Operator | Version |
---|---|---|---|
xterm | eq | 222-1etch2 |