CVE-2008-5076

NameCVE-2008-5076
Descriptionhtop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs504144

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
htop (PTS)buster2.2.0-1fixed
bullseye3.0.5-7fixed
bookworm3.2.2-2fixed
trixie, sid3.3.0-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
htopsource(unstable)0.8.1-2unimportant504144

Notes

That scenario is too constructed to call it a security issue, especially
given that the standard top will display the maliciously hidden processes
just fine.

Search for package or bug name: Reporting problems