VDB
ALPINE-CVE-2024-28085
ALPINE-CVE-2024-28085
PUBLISHED
CVSS 3.299999952316284 LOW
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
Risk Scores
CVSS v3.1
3.299999952316284
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.20 | util-linux | 2.14.1-r0, 2.39.3-r2, 2.39.3-r1 |
| Alpine:v3.22 | util-linux | 2.39.3-r2, 2.14.1-r0, 2.14.1-r1 |
| Alpine:v3.23 | util-linux | 0, 2.14.1-r0, 2.14.1-r1 |
| Alpine:v3.21 | util-linux | 0, 2.39.3-r2, 2.39.3-r1 |
Timeline
- Mar 27, 2024 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch