CVE-2014-3121

CVSS V2 High 7.6 CVSS V3 None
Description
rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.
Overview
  • CVE ID
  • CVE-2014-3121
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2014-05-14T00:55:10
  • Last Modified Date
  • 2017-12-29T02:29:20
Weakness Enumerations
CWE URL
CWE-78 http://cwe.mitre.org/data/definitions/78.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:marc_lehmann:rxvt-unicode:*:*:*:*:*:*:*:* 1 OR 9.19
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.05:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.06:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.07:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.08:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.09:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:marc_lehmann:rxvt-unicode:9.18:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:H/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.6
  • Severity
  • HIGH
  • Exploitability Score
  • 4.9
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.debian.org/security/2014/dsa-2925
http://dist.schmorp.de/rxvt-unicode/Changes
http://seclists.org/oss-sec/2014/q2/204
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133166.html
http://www.securityfocus.com/bid/67155
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133195.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00038.html
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2014-3121
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3121
History
Created Old Value New Value Data Type Notes
2022-05-10 18:54:03 Added to TrackCVE
2022-12-01 23:04:55 2014-05-14T00:55Z 2014-05-14T00:55:10 CVE Published Date updated
2022-12-01 23:04:55 2017-12-29T02:29:20 CVE Modified Date updated
2022-12-01 23:04:55 Modified Vulnerability Status updated