CVE-2017-7467

unknown

Published — · Modified —

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

—

Description

A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2017-7467 NameCVE-2017-7467 DescriptionA buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE…

CVE-2017-7467

Name	CVE-2017-7467
Description	A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-914-1
Debian Bugs	860940

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
minicom (PTS)	bookworm, bullseye	2.8-2	fixed
	forky, trixie	2.10-1	fixed
	sid	2.11.1-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
minicom	source	wheezy	2.6.1-1+deb7u1	DLA-914-1
minicom	source	jessie	2.7-1+deb8u1
minicom	source	(unstable)	2.7-1.1		860940

Notes

https://www.openwall.com/lists/oss-security/2017/04/18/5

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

https://www.openwall.com/lists/oss-security/2017/04/18/5

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`2.7-1.1`
sid	Fixed	`2.7-1.1`
forky	Fixed	`2.7-1.1`
bullseye	Fixed	`2.7-1.1`
bookworm	Fixed	`2.7-1.1`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.