CVE-2021-27135 - log back

CVE-2021-27135 edited at 11 Feb 2021 08:15:55
References
https://www.openwall.com/lists/oss-security/2021/02/09/7
https://www.openwall.com/lists/oss-security/2021/02/09/9
- https://www.openwall.com/lists/oss-security/2021/02/10/7
https://invisible-island.net/xterm/xterm.log.html#xterm_366
+ https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
CVE-2021-27135 edited at 11 Feb 2021 08:07:06
Description
- xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
+ xterm up to patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. The issue is fixed in patch #366.
References
https://www.openwall.com/lists/oss-security/2021/02/09/7
https://www.openwall.com/lists/oss-security/2021/02/09/9
https://www.openwall.com/lists/oss-security/2021/02/10/7
+ https://invisible-island.net/xterm/xterm.log.html#xterm_366
CVE-2021-27135 edited at 10 Feb 2021 21:36:28
Description
- In xterm before version 366, an attacker could cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
+ xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
CVE-2021-27135 edited at 10 Feb 2021 16:24:58
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ In xterm before version 366, an attacker could cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
References
+ https://www.openwall.com/lists/oss-security/2021/02/09/7
+ https://www.openwall.com/lists/oss-security/2021/02/09/9
+ https://www.openwall.com/lists/oss-security/2021/02/10/7
Notes
CVE-2021-27135 created at 10 Feb 2021 16:21:08