https://www.cve.org/CVERecord?id=CVE-2024-37535 states:
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service
(memory consumption) via a window resize escape sequence, a related issue
to CVE-2000-0476.
https://gitlab.gnome.org/GNOME/vte/-/issues/2786 explains further:
The ANSI escape sequence "e[4;;t" can be used to resize the terminal
window, where "" is the height and ""is the width. By providing a
large number such as 65535 for both values will lead to a local denial
of service, where the whole machine can be frozen.
This same vulnerability found was in XTerm back in 2000. The CVE for
the vulnerability in XTerm is CVE-2000-0476
Steps to reproduce:
Open gnome-terminal
Execute printf "e[4;65535;65535t" in the terminal
--
-Alan Coopersmith- alan.coopersm...@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
