Bug 2215008 - TRIAGE vte291: infinite loop parsing control sequence '\e]104;x\a'
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2215010 2215011
Blocks: 2215009
Reported: 2023-06-14 12:37 UTC by Sandipan Roy
Modified: 2023-08-01 15:54 UTC (History)

Fixed In Version: vte 0.70.6, vte 0.72.2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-07-20 12:28:01 UTC
Embargoed:


Description Sandipan Roy 2023-06-14 12:37:21 UTC
A logic error in vte's OSC parser results in an infinite loop. An
untrusted system accessed via ssh, telnet or similar could use this
as a denial of service. This is fixed upstream in 0.70.6, and a fixed
version 0.70.5-2 is on its way into unstable. Originally reported at
<https://bugs.launchpad.net/ubuntu/+source/vte2.91/+bug/2022019>.

Does the security team want to do a DSA for this? The patch is upstream
commit https://gitlab.gnome.org/GNOME/vte/-/commit/dce7b5f044b0f9e184f186315c846489a20edf0d
or one of its many cherry-picks to older branches.

Ref: https://gitlab.gnome.org/GNOME/vte/-/issues/2631

Comment 2 Zack Miele 2023-06-15 19:44:47 UTC
fix commit https://gitlab.gnome.org/GNOME/vte/-/commit/dce7b5f0

