CVE-2021-28848
CVE-2021-28848 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change. EPSS estimates a 1.64% chance of exploitation in the next 30 days.
Description
Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mintty Project | Mintty | < 3.4.5 |
References
- https://github.com/mintty/mintty/commit/bd52109993440b6996760aaccb66e68e782762b9 (Patch, Third Party Advisory)
- https://github.com/mintty/mintty/compare/3.4.4...3.4.5 (Patch, Third Party Advisory)
- https://mintty.github.io/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
