CVE-2023-40359

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score
Percentile: 37%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| invisible-island | xterm | < 380 (vulnerable) |
Debian Releases
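| Debian Product | Codename | Version | Status |
|---|---|---|---|
| xterm | bookworm | | unimportant |
| xterm | bullseye | | unimportant |
| xterm | sid | 396-1 | fixed |
| xterm | trixie | 396-1 | fixed |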
Ubuntu Releases
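| Ubuntu Product | Codename | Status |
|---|---|---|
| xterm | bionic | needs-triage |
| xterm | focal | needs-triage |
| xterm | jammy | needs-triage |
| xterm | lunar | ignored |
| xterm | mantic | not-affected |
| xterm | noble | not-affected |
| xterm | oracular | not-affected |
| xterm | trusty | ignored |
| xterm | xenial | needs-triage |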
openSUSE / SLES Releases
| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| xterm-330 | suse enterprise desktop 15 SP4 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise desktop 15 SP5 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise desktop 15 SP6 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise desktop 15 SP7 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise sap 15 SP4 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise sap 15 SP5 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise sap 15 SP6 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise sap 15 SP7 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise server 15 SP4 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise server 15 SP5 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise server 15 SP6 | 150200.11.12.1 | fixed |
| xterm-330 | suse enterprise server 15 SP7 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise desktop 15 SP4 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise desktop 15 SP5 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise desktop 15 SP6 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise desktop 15 SP7 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise sap 15 SP4 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise sap 15 SP5 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise sap 15 SP6 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise sap 15 SP7 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise server 15 SP4 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise server 15 SP5 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise server 15 SP6 | 150200.11.12.1 | fixed |
| xterm-bin-330 | suse enterprise server 15 SP7 | 150200.11.12.1 | fixed |