CVE Vulnerability

CVE-2021-28848

Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/mintty/mintty/commit/bd52109993440b6996760aaccb66e68e782762b9 Patch Third Party Advisory
https://mintty.github.io/ Vendor Advisory
https://github.com/mintty/mintty/compare/3.4.4...3.4.5 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:mintty_project:mintty:*:*:*:*:*:*:*:*
Information

Published : 2021-06-03 12:15

Updated : 2021-06-14 05:01

NVD link : CVE-2021-28848

Mitre link : CVE-2021-28848

Products Affected
No products.
CWE
CWE-770