CVE-2010-2713

medium
Published 2010-08-05 · Modified 2026-04-29
CVSS v3: —
CVSS v4: — (not yet in upstream)
VIR risk: 6.8

Description

The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.

Predictions

Exploit likelihood: 20%
Patch ETA: —

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


OS impact

Debian: Fixed (5 releases)

| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 1:0.24.3-1 |
| sid | Fixed | 1:0.24.3-1 |
| forky | Fixed | 1:0.24.3-1 |
| bullseye | Fixed | 1:0.24.3-1 |
| bookworm | Fixed | 1:0.24.3-1 |

Application impact

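| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| nalin_dahyabhai | vte | up to and including 0.25.1 | |
| nalin_dahyabhai | vte | 0.11.21 | |
| nalin_dahyabhai | vte | 0.12.2 | |
| nalin_dahyabhai | vte | 0.14.2 | |
| nalin_dahyabhai | vte | 0.15.0 | |
| nalin_dahyabhai | vte | 0.16.14 | |
| nalin_dahyabhai | vte | 0.17.4 | |
| nalin_dahyabhai | vte | 0.20.5 | |
| nalin_dahyabhai | vte | 0.22.5 | |
| nalin_dahyabhai | vte | 0.24.3 | |
| gnome | gnome-terminal | | |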
