CVE-2021-28848

Name of the Vulnerable Software and Affected Versions: Mintty versions prior to 3.4.5

Description: The issue allows remote servers to cause a denial of service, resulting in a Windows GUI hang, by repeatedly changing the Mintty window title at high speed. This leads to many SetWindowTextA or SetWindowTextW calls, as there is no implementation of a delay, such as usleep, upon processing a title change.

Recommendations: For versions prior to 3.4.5, update to version 3.4.5 or later to resolve the issue. As a temporary workaround, consider restricting the ability of remote servers to change the Mintty window title to minimize the risk of exploitation.