CVE-2022-24949 — Vulnetix

CVE-2022-24949 PUBLISHED CVSS 7.5 HIGH

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().

EPSS 0.40% · 60.9th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.40%

60.9th percentile

Affected Products

Vendor	Product	Versions
eternal_terminal_project	eternal_terminal	0
Jason Gauci	Eternal Terminal	unspecified

Exploit Intelligence

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-hxg8-4r3q-p9rv (nist-nvd)
https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3 (circl)

Timeline

Aug 16, 2022 EPSS Score
Aug 16, 2022 CVE Published
Oct 1, 2022 EPSS Score
Nov 16, 2022 EPSS Score
Jan 1, 2023 EPSS Score
Feb 16, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 4, 2023 EPSS Score
Aug 19, 2023 EPSS Score
Oct 4, 2023 EPSS Score

References

https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3 url
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-hxg8-4r3q-p9rv url

Open in Interactive Console →