CVE-2024-37535 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.4 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

vte

bookworm	no-dsa
bullseye	no-dsa
buster	postponed
forky	unimportant
sid	unimportant
trixie	unimportant

vte2.91

bookworm	no-dsa
bullseye	no-dsa
buster	postponed
forky	0.82.2-1 fixed
sid	0.82.2-1 fixed
trixie	0.80.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

vte2.91

bionic	needs-triage
focal	Fixed 0.60.3-0ubuntu1~20.5 released
jammy	Fixed 0.68.0-1ubuntu0.1 released
mantic	Fixed 0.74.0-2ubuntu0.1 released
noble	Fixed 0.76.0-1ubuntu0.1 released
oracular	not-affected
plucky	not-affected
questing	not-affected
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

libvte-2_91-0

suse enterprise desktop 15 SP5	0.66.2-150400.3.5.1 fixed
suse enterprise desktop 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise desktop 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise sap 12 SP5	0.44.2-9.6.1 fixed
suse enterprise sap 15 SP2	0.58.3-150200.3.3.1 fixed
suse enterprise sap 15 SP3	0.58.3-150200.3.3.1 fixed
suse enterprise sap 15 SP5	0.66.2-150400.3.5.1 fixed
suse enterprise sap 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise sap 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise server 12 SP3	0.44.2-9.6.1 fixed
suse enterprise server 12 SP5	0.44.2-9.6.1 fixed
suse enterprise server 15 SP2	0.58.3-150200.3.3.1 fixed
suse enterprise server 15 SP3	0.58.3-150200.3.3.1 fixed
suse enterprise server 15 SP4	0.66.2-150400.3.5.1 fixed
suse enterprise server 15 SP5	0.66.2-150400.3.5.1 fixed
suse enterprise server 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise server 15 SP7	0.74.2-150600.3.3.1 fixed

typelib-1_0-Vte-2_91

suse enterprise desktop 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise desktop 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise sap 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise sap 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise server 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise server 15 SP7	0.74.2-150600.3.3.1 fixed

typelib-1_0-Vte-3_91

suse enterprise desktop 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise desktop 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise sap 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise sap 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise server 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise server 15 SP7	0.74.2-150600.3.3.1 fixed

vte-devel

suse enterprise desktop 15 SP5	0.66.2-150400.3.5.1 fixed
suse enterprise desktop 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise desktop 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise sap 15 SP2	0.58.3-150200.3.3.1 fixed
suse enterprise sap 15 SP3	0.58.3-150200.3.3.1 fixed
suse enterprise sap 15 SP5	0.66.2-150400.3.5.1 fixed
suse enterprise sap 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise sap 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise server 15 SP2	0.58.3-150200.3.3.1 fixed
suse enterprise server 15 SP3	0.58.3-150200.3.3.1 fixed
suse enterprise server 15 SP4	0.66.2-150400.3.5.1 fixed
suse enterprise server 15 SP5	0.66.2-150400.3.5.1 fixed
suse enterprise server 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise server 15 SP7	0.74.2-150600.3.3.1 fixed

vte-lang

suse enterprise desktop 15 SP5	0.66.2-150400.3.5.1 fixed
suse enterprise desktop 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise desktop 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise sap 12 SP5	0.44.2-9.6.1 fixed
suse enterprise sap 15 SP2	0.58.3-150200.3.3.1 fixed
suse enterprise sap 15 SP3	0.58.3-150200.3.3.1 fixed
suse enterprise sap 15 SP5	0.66.2-150400.3.5.1 fixed
suse enterprise sap 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise sap 15 SP7	0.74.2-150600.3.3.1 fixed
suse enterprise server 12 SP3	0.44.2-9.6.1 fixed
suse enterprise server 12 SP5	0.44.2-9.6.1 fixed
suse enterprise server 15 SP2	0.58.3-150200.3.3.1 fixed
suse enterprise server 15 SP3	0.58.3-150200.3.3.1 fixed
suse enterprise server 15 SP4	0.66.2-150400.3.5.1 fixed
suse enterprise server 15 SP5	0.66.2-150400.3.5.1 fixed
suse enterprise server 15 SP6	0.74.2-150600.3.3.1 fixed
suse enterprise server 15 SP7	0.74.2-150600.3.3.1 fixed

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

http://www.openwall.com/lists/oss-security/2024/06/09/1

http://www.openwall.com/lists/oss-security/2024/06/09/2

https://gitlab.gnome.org/GNOME/vte/-/issues/2786

https://gitlab.gnome.org/GNOME/vte/-/tags/0.76.3

http://www.openwall.com/lists/oss-security/2024/06/09/1

http://www.openwall.com/lists/oss-security/2024/06/09/2

https://gitlab.gnome.org/GNOME/vte/-/issues/2786

https://gitlab.gnome.org/GNOME/vte/-/tags/0.76.3