Description

OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.

Related CPE's

o

openbsd

openbsd

14

References

https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/014_wscons.patch.sig

PatchVendor Advisory

https://github.com/openbsd/src/commit/9d3f688f46eba347e96ff0ae9506ef2061622e0c

Patch

Weaknesses

[email protected]

Primary
CWE-862

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-10T16:15:09.907

11 months ago

Last modified

2023-08-23T15:21:05.607

11 months ago