PT-2023-6896 · Xterm+4

Published: 2023-03-14 · Updated: 2024-06-15 · CVE-2023-40359

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

xterm versions prior to 380

Description

The issue is related to the ReGIS reporting feature in xterm, which can lead to a pointer/overflow problem when handling character-set names with unexpected characters. This can occur in xterm installations configured to use a certain experimental feature at compile time. The vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For xterm versions prior to 380, update to version 380 or later to resolve the issue. As a temporary workaround, consider disabling the ReGIS reporting feature until a patch is available. Restrict access to the experimental feature configured at compile time to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2023-6609
ALT-PU-2023-6615
ALT-PU-2023-6636
AZL-27957
BDU:2023-07914
CVE-2023-40359
OPENSUSE-SU-2023_4438-1
OPENSUSE-SU-2024:13240-1
ROSA-SA-2024-2335
SUSE-SU-2023:4438-1
SUSE-SU-2023_4438-1

Affected Products

Alt Linux
Debian
Red Os
Suse
Xterm