CVE-2017-7467

NameCVE-2017-7467
DescriptionA buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-914-1
Debian Bugs860940

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
minicom (PTS)bookworm, bullseye2.8-2fixed
sid, trixie2.9-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
minicomsourcewheezy2.6.1-1+deb7u1DLA-914-1
minicomsourcejessie2.7-1+deb8u1
minicomsource(unstable)2.7-1.1860940

Notes

https://www.openwall.com/lists/oss-security/2017/04/18/5
Search for package or bug name: Reporting problems