CVE-2011-2198

Description

The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".

How to fix CVE-2011-2198

To remediate CVE-2011-2198, upgrade the affected package to a fixed version below.

• Debian/vte—upgrade to 1:0.28.1-1 or later

Is CVE-2011-2198 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:0.28.1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-2198