CVE-2008-2383

Summary

CVE	CVE-2008-2383
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-01-02 18:11:00 UTC
Updated	2023-11-07 02:02:00 UTC
Description	CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

Risk And Classification

Problem Types: CWE-94

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Invisible-island	Xterm	_nil_	All	All	All
Application	Invisible-island	Xterm	_nil_	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 38 Update: kitty-0.29.1-1.fc38 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
#510030 - [CVE-2008-2383] xterm: DECRQSS and comments - Debian Bug report logs	CONFIRM	bugs.debian.org
Ubuntu update for xterm - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
Support	REDHAT	www.redhat.com
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
SUSE update for xterm - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Debian -- Security Information -- DSA-1694-1 xterm	DEBIAN	www.debian.org
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:002	SUSE	lists.opensuse.org
xterm DECRQSS Remote Command Execution Vulnerability	BID	www.securityfocus.com
[SECURITY] Fedora 38 Update: kitty-0.29.1-1.fc38 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: kitty-0.26.5-6.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
About the security content of Security Update 2009-002 / Mac OS X v10.5.7	CONFIRM	support.apple.com
US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
254208	SUNALERT	sunsolve.sun.com
Debian update for xterm - Secunia.com	SECUNIA	secunia.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Security Advisory SA33419 - Fedora update for xterm - Secunia	SECUNIA	secunia.com
Red Hat update for xterm - Secunia.com	SECUNIA	secunia.com
[SECURITY] Fedora 8 Update: xterm-238-1.fc8	FEDORA	www.redhat.com
APPLE-SA-2009-05-12 Security Update 2009-002 / Mac OS X v10.5.7	APPLE	lists.apple.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
xterm DECRQSS Input Validation Flaw Lets Users Inject Arbitrary Commands - SecurityTracker	SECTRACK	www.securitytracker.com
[SECURITY] Fedora 37 Update: kitty-0.26.5-6.fc37 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:003	SUSE	lists.opensuse.org
xterm DECRQSS Escape Sequence Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
USN-703-1: xterm vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
Support	REDHAT	www.redhat.com
[SECURITY] Fedora 9 Update: xterm-238-1.fc9	FEDORA	www.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

284345 Fedora Security Update for kitty (FEDORA-2023-a004ecb3f8)
284353 Fedora Security Update for kitty (FEDORA-2023-3746647cc3)