CVE-2023-40359 - OpenCVE

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Invisible-island	Xterm

Configuration 1 [-]

cpe:2.3:a:invisible-island:xterm:*:*:*:*:*:*:*:*

References

Link	Resource
https://invisible-island.net/xterm/xterm.log.html#xterm_380	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-14T00:00:00

Updated: 2023-09-07T05:58:18.896782

Reserved: 2023-08-14T00:00:00

Link: CVE-2023-40359

JSON object: View

NVD Information

Status : Modified

Published: 2023-08-14T17:15:10.617

Modified: 2023-09-07T06:15:07.990

Link: CVE-2023-40359

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo