CVE-2024-28085
util-linux - security update
CVSS 3.1 base score: 3.3 (LOW)
EPSS: 10.9%
Description
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
How to fix CVE-2024-28085
To remediate CVE-2024-28085, upgrade the affected package to a fixed version below.
- upgrade to 2.40-r0 or later
- upgrade to 2.36.1-8+deb11u2 or later
- upgrade to 2.36.1-8+deb11u2 or later
Is CVE-2024-28085 being exploited?
Moderate — EPSS is 10.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- all versions from 0 up to, but not including, 2.40-r0
- all versions from 0 up to, but not including, 2.36.1-8+deb11u2
- all versions from 0 up to, but not including, 2.36.1-8+deb11u2
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | LOW | 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |