DEBIAN-CVE-2024-28085

DEBIAN-CVE-2024-28085 PUBLISHED CVSS 3.299999952316284 LOW

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Risk Scores

CVSS 3.1

3.299999952316284

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:14	util-linux	0, 0
Debian:12	util-linux	0, 2.38.1-5, 2.38.1-5
Debian:11	util-linux	2.36.1-8+deb11u1, 0, 2.36.1-8
Debian:13	util-linux	0, 0

Exploit Intelligence

trojan CVE-2024-28085 CVE 28085 (github-poc)
WallEscape vulnerability in util-linux (github-poc)
securestr.c (github-poc)
TestCommand.yaml (github-poc)

Timeline

Mar 27, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-28085 advisory

Open in Interactive Console →