A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.
References
Configurations
History
17 Aug 2022, 13:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95q - Exploit, Patch | |
References | (CONFIRM) https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0 - Third Party Advisory | |
CWE | CWE-362 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
16 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-16 01:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-24951
Mitre link : CVE-2022-24951
CVE.ORG link : CVE-2022-24951
JSON object : View
Products Affected
eternal_terminal_project
- eternal_terminal
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')