CVE-2024-28085

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-28085

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28085.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-28085

Downstream

ALPINE-CVE-2024-28085

BELL-CVE-2024-28085

DEBIAN-CVE-2024-28085

DLA-3782-1

DSA-5650-1

OESA-2024-1352

OESA-2024-1383

SUSE-SU-2024:1106-1

SUSE-SU-2024:1169-1

SUSE-SU-2024:1170-1

SUSE-SU-2024:1171-1

SUSE-SU-2024:1172-1

SUSE-SU-2024:1943-1

UBUNTU-CVE-2024-28085

USN-6719-1

USN-6719-2

openSUSE-SU-2024:14523-1

Related

Published

2024-03-27T19:15:48Z

Modified

2025-10-15T22:54:31.729592Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

References

Affected packages

Git / github.com/karelzak/util-linux

Affected ranges

Type: GIT
Repo: https://github.com/karelzak/util-linux
Events: Introduced

bad3c52f0b2dd97e70a5c92edcc7f67dceeb4ba1

Fixed

8230dec4c50810065403eefe3c8cda475976e3eb

Affected versions

v2.*

v2.24

v2.25

v2.25-rc1

v2.25-rc2

v2.26

v2.26-rc1

v2.26-rc2

v2.27

v2.27-rc1

v2.27-rc2

v2.28

v2.28-rc1

v2.28-rc2

v2.29

v2.29-rc1

v2.29-rc2

v2.30

v2.30-rc1

v2.30-rc2

v2.31

v2.31-rc1

v2.31-rc2

v2.32

v2.32-rc1

v2.32-rc2

v2.33

v2.33-rc1

v2.33-rc2

v2.34

v2.34-rc1

v2.34-rc2

v2.35

v2.35-rc1

v2.35-rc2

v2.36

v2.36-rc1

v2.36-rc2

v2.37

v2.37-rc1

v2.37-rc2

v2.38

v2.38-rc1

v2.38-rc2

v2.38-rc3

v2.38-rc4

v2.39

v2.39-rc1

v2.39-rc2

v2.39-rc3

v2.39.1

v2.39.2

v2.39.3