Jan 30, 2024 - 8:44 a.m.

Advisory ROSA-SA-2024-2335

2024-01-30 08:44:41
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7 High
Confidence: Low

EPSS: 0.001 Low
Percentile: 39.3%

software: xterm 386
WASP: ROSA-CHROME

package_evr_string: xterm-386-1.src.rpm

CVE-ID: CVE-2023-40359
BDU-ID: 2023-07914
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the ReGIS Vector Graphics Reporting (ReGIS Reporting) feature of the XTerm terminal emulator is caused by an operation that exceeds buffer boundaries in memory when processing character set names. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update xterm

OS    Version  Architecture  Package  Version  Filename
ROSA  any      noarch        xterm    < 386    UNKNOWN
