CVE-2021-27135

Summary

CVE: CVE-2021-27135
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2021-02-10 16:15:00 UTC
Updated: 2023-11-07 03:31:00 UTC
Description: xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type              Vendor            Product       Version  Update  Edition  Language
Operating System  Debian            Debian Linux  9.0      All     All      All
Operating System  Fedoraproject     Fedora        33       All     All      All
Application       Invisible-island  Xterm         All      All     All      All

References

Reference    Source    Link    Tags
oss-security - Re: Re: screen crash processing combining characters MLIST www.openwall.com Mailing List, Third Party Advisory
Bug 1182091 – VUL-0: CVE-2021-27135: xterm: crash when processing combining characters CONFIRM bugzilla.suse.com
Red Hat Customer Portal - Access to 24x7 support and knowledge MISC access.redhat.com
xterm: Multiple Vulnerabilities (GLSA 202208-22) — Gentoo security GENTOO security.gentoo.org
[SECURITY] Fedora 33 Update: xterm-366-1.fc33 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org Mailing List, Patch, Third Party Advisory
oss-security - Re: screen crash processing combining characters MISC www.openwall.com Mailing List, Third Party Advisory
XTERM - Change Log CONFIRM invisible-island.net
[SECURITY] Fedora 33 Update: xterm-366-1.fc33 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
CVE-2021-27135: xterm flaw may allow remote code execution, CVSS 9.6 | Hacker News MISC news.ycombinator.com
[SECURITY] [DLA 2558-1] xterm security update MLIST lists.debian.org Mailing List, Third Party Advisory
1927559 – (CVE-2021-27135) CVE-2021-27135 xterm: crash when processing combining characters MISC bugzilla.redhat.com
snapshot of project "xterm", label xterm-365d · ThomasDickey/xterm-snapshots@82ba55b · GitHub CONFIRM github.com
oss-security - Re: screen crash processing combining characters MISC www.openwall.com Mailing List, Third Party Advisory
Full Disclosure: CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology FULLDISC seclists.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 178498 Debian Security Update for xterm (DLA 2558-2)
  • 180330 Debian Security Update for xterm (CVE-2021-27135)
  • 257083 CentOS Security Update for xterm (CESA-2021:0617)
  • 296067 Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)
  • 352241 Amazon Linux Security Advisory for xterm: ALAS-2021-1489
  • 352249 Amazon Linux Security Advisory for xterm: ALAS2-2021-1619
  • 376877 Alibaba Cloud Linux Security Update for xterm (ALINUX2-SA-2021:0010)
  • 377119 Alibaba Cloud Linux Security Update for xterm (ALINUX3-SA-2021:0010)
  • 501724 Alpine Linux Security Update for xterm
  • 501945 Alpine Linux Security Update for xterm
  • 505591 Alpine Linux Security Update for xterm
  • 670211 EulerOS Security Update for xterm (EulerOS-SA-2021-1864)
  • 670310 EulerOS Security Update for xterm (EulerOS-SA-2021-1914)
  • 670331 EulerOS Security Update for xterm (EulerOS-SA-2021-1893)
  • 670843 EulerOS Security Update for xterm (EulerOS-SA-2021-1864)
  • 710689 Gentoo Linux xterm Multiple Vulnerabilities (GLSA 202208-22)
  • 730121 McAfee Web Gateway Multiple Vulnerabilities (WP-3484,WP-3744,WP-3745,WP-3746,WP-3747,WP-3793,WP-3800)
  • 750666 SUSE Enterprise Linux Security Update for xterm (SUSE-SU-2021:2011-1)
  • 750669 SUSE Enterprise Linux Security Update for xterm (SUSE-SU-2021:2014-1)
  • 750670 SUSE Enterprise Linux Security Update for xterm (SUSE-SU-2021:2013-1)
  • 750704 OpenSUSE Security Update for xterm (openSUSE-SU-2021:0900-1)
  • 750820 OpenSUSE Security Update for xterm (openSUSE-SU-2021:2011-1)
  • 901553 Common Base Linux Mariner (CBL-Mariner) Security Update for xterm (7454)
  • 903789 Common Base Linux Mariner (CBL-Mariner) Security Update for xterm (7454-1)
  • 940093 AlmaLinux Security Update for xterm (ALSA-2021:0611)
  • 960687 Rocky Linux Security Update for xterm (RLSA-2021:0611)