CVE-2022-24130 : xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

Published 2022-01-31 05:15:08

Updated 2022-08-19 10:00:14

Source MITRE

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2022-24130

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 34 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-24130

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.6	LOW	AV:N/AC:H/Au:N/C:N/I:N/A:P	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-24130

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-24130

https://www.openwall.com/lists/oss-security/2022/01/30/2

oss-security - xterm buffer overflow via crafted sixel
Exploit;Mailing List;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/02/msg00007.html

[SECURITY] [DLA 2913-1] xterm security update
Mailing List;Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/30/3

oss-security - Re: xterm buffer overflow via crafted sixel
Exploit;Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4CWYYEBT6AJRJBBQU2KLUOQDHRM7WAV/

[SECURITY] Fedora 35 Update: xterm-370-3.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://twitter.com/nickblack/status/1487731459398025216

nick black 🇼🇸 on Twitter: "100% reproducible XTerm crash whoops! https://t.co/YPT8GQkyiU" / Twitter
Exploit;Third Party Advisory
https://security.gentoo.org/glsa/202208-22

xterm: Multiple Vulnerabilities (GLSA 202208-22) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP5Y4O7WBNLV24D22E6LE7RQFYOUVD2U/

[SECURITY] Fedora 34 Update: xterm-370-3.fc34 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://invisible-island.net/xterm/xterm.log.html

XTERM - Change Log
Patch;Release Notes;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-24130

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Invisible-island » Xterm
Versions up to, including, (<=) 370
cpe:2.3:a:invisible-island:xterm:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-24130

Exploit prediction scoring system (EPSS) score for CVE-2022-24130

CVSS scores for CVE-2022-24130

CWE ids for CVE-2022-24130

References for CVE-2022-24130

Products affected by CVE-2022-24130