CVE-2021-27135
moderate-risk
Published 2021-02-10
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
Do I need to act?
~
1.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: a8fc74f3bcca38d5a288c9947f3e9d48868a3a3f, 82ba55b8f994ab30ff561a347b82ea340ba7075c
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (3)
Affected Vendors
References (26)
Mailing List
http://seclists.org/fulldisclosure/2021/May/52
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-27135
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1927559
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1182091
Release Notes
https://invisible-island.net/xterm/xterm.log.html
Issue Tracking
https://news.ycombinator.com/item?id=26524650
Third Party Advisory
https://security.gentoo.org/glsa/202208-22
Mailing List
http://seclists.org/fulldisclosure/2021/May/52
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-27135
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1927559
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1182091
Release Notes
https://invisible-island.net/xterm/xterm.log.html
and 6 more references
46
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
5/34 · Minimal
Exposure
9/34 · Low