Eternal Terminal
CVE-2022-24949
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().
AnalysisAI
A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-362. A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen(). Affected products include: Eternal Terminal Project Eternal Terminal. Version information: version 6.2.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Eternal Terminal
View allA race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other
A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Termi
Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered re
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. Rated medium severity (CVSS 6.3). Public exploit c
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today