AZL-37146

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37146.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-37146

Upstream

CVE-2024-28085

Published

2024-03-27T19:15:48Z

Modified

2026-04-01T05:13:13.110895Z

Summary

CVE-2024-28085 affecting package util-linux for versions less than 2.37.4-9

Details

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-28085

Affected packages

Azure Linux:2 / util-linux

Package

Name: util-linux
Purl: pkg:rpm/azure-linux/util-linux

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.37.4-9

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37146.json"