Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change.
References
| Link | Resource |
|---|---|
| https://github.com/mintty/mintty/commit/bd52109993440b6996760aaccb66e68e782762b9 | Patch, Third Party Advisory |
| https://github.com/mintty/mintty/compare/3.4.4...3.4.5 | Patch, Third Party Advisory |
| https://mintty.github.io/ | Vendor Advisory |
Information
Published : 2021-06-03 12:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-28848
Mitre link : CVE-2021-28848
CVE.ORG link : CVE-2021-28848
Products Affected
mintty_project
- mintty
CWE
CWE-770
Allocation of Resources Without Limits or Throttling