A flaw was found in xterm. A specially crafted sequence of combining characters causes an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | xterm | 2021-03-18 17:30 | ALAS-2021-1489 |
Amazon Linux 2 - Core | xterm | 2021-03-18 01:13 | ALAS2-2021-1619 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 9.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |