Denial of Service Vulnerability in GNOME Terminal Emulation Library
CVE-2024-37535

Currently unrated

Key Information:

Vendor: GNOME
Status: GNOME VTE
Vendor: CVE Published:; 9 June 2024

Summary

A vulnerability has been identified in GNOME's VTE library that allows an attacker to exploit window resize escape sequences. When an affected version of GNOME VTE is manipulated using specific character sequences during window resizing, it can lead to excessive memory consumption, resulting in a denial of service to legitimate users. This issue highlights the importance of updating to version 0.76.3 or higher to mitigate the risk associated with this vulnerability.

References

https://gitlab.gnome.org/GNOME/vte/-/issues/2786

https://gitlab.gnome.org/GNOME/vte/-/tags/0.76.3

Timeline

Vulnerability published
Jun 9, 2024
Vulnerability Reserved
Jun 9, 2024