CVE-2012-2738

Description

The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.

How to fix CVE-2012-2738

To remediate CVE-2012-2738, upgrade the affected package to a fixed version below.

• Alpine/vte—upgrade to 0.28.2-r12 or later
• Debian/vte—upgrade to 1:0.28.2-5 or later

Is CVE-2012-2738 being exploited?

Moderate — EPSS is 16.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 0.28.2-r12
• from 0, < 1:0.28.2-5

References (2)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2012-2738
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-2738