CVE-2010-2713
- Source
- https://cve.org/CVERecord?id=CVE-2010-2713
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-2713.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2010-2713
- Downstream
- Published
- 2010-08-05T18:17:57Z
- Modified
- 2026-04-10T03:41:20.089630Z
- Summary
- [none]
- Details
-
The vtesequencehandlerwindowmanipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
- References
-
- http://secunia.com/advisories/40635
- http://www.ubuntu.com/usn/usn-962-1
- http://www.vupen.com/english/advisories/2010/1839
- http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
- http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
- https://bugzilla.redhat.com/show_bug.cgi?id=613110
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://www.securityfocus.com/bid/41716