CVE-2024-28085

Source
https://cve.org/CVERecord?id=CVE-2024-28085
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28085.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-28085
Aliases
  • GHSA-xv2h-c6ww-mrjq
Downstream
Related
Published
2024-03-27T00:00:00Z
Modified
2026-07-08T08:12:41.212460900Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28085.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/util-linux/util-linux

Affected ranges

Type
GIT
Repo
https://github.com/util-linux/util-linux
Events
Database specific
{
    "source": [
        "DESCRIPTION",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.40"
        },
        {
            "introduced": "2.24"
        },
        {
            "fixed": "2.39.4"
        }
    ]
}

Affected versions

v2.*
v2.24
v2.25
v2.25-rc1
v2.25-rc2
v2.26
v2.26-rc1
v2.26-rc2
v2.27
v2.27-rc1
v2.27-rc2
v2.28
v2.28-rc1
v2.28-rc2
v2.29
v2.29-rc1
v2.29-rc2
v2.30
v2.30-rc1
v2.30-rc2
v2.31
v2.31-rc1
v2.31-rc2
v2.32
v2.32-rc1
v2.32-rc2
v2.33
v2.33-rc1
v2.33-rc2
v2.34
v2.34-rc1
v2.34-rc2
v2.35
v2.35-rc1
v2.35-rc2
v2.36
v2.36-rc1
v2.36-rc2
v2.37
v2.37-rc1
v2.37-rc2
v2.38
v2.38-rc1
v2.38-rc2
v2.38-rc3
v2.38-rc4
v2.39
v2.39-rc1
v2.39-rc2
v2.39-rc3
v2.40-rc1
v2.40-rc2
v2.41-devel
v2.41-start

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28085.json"