Vulnerability Details : CVE-2017-7467
A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.
Vulnerability category: OverflowMemory CorruptionExecute code
Products affected by CVE-2017-7467
- cpe:2.3:a:minicom_project:minicom:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7467
0.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7467
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
Red Hat, Inc. |
CWE ids for CVE-2017-7467
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2017-7467
-
http://www.openwall.com/lists/oss-security/2017/04/18/5
oss-security - CVE-2017-7467: minicom and prl-vzvncserver vt100.c escparms[] buffer overflowExploit;Mailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/201706-13
minicom: Remote execution of arbitrary code (GLSA 201706-13) — Gentoo securityThird Party Advisory
-
http://www.securityfocus.com/bid/97966
Minicom CVE-2017-7467 Local Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7467
1442099 – (CVE-2017-7467) CVE-2017-7467 minicom: Out of bounds write in vt100.cIssue Tracking
Jump to