Fluid Attacks Database

Description

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.20	util-linux	=2.14.1-r0 \|\| =2.14.1-r1 \|\| =2.14.2-r0 \|\| =2.16-r0 \|\| =2.16-r1 \|\| =2.16-r2 \|\| =2.16.2-r0 \|\| =2.17-r0 \|\| =2.17.1-r0 \|\| =2.17.1-r1 \|\| =2.17.2-r0 \|\| =2.18-r0 \|\| =2.18-r1 \|\| =2.18-r2 \|\| =2.19.1-r0 \|\| =2.19.1-r1 \|\| =2.19.1-r2 \|\| =2.20-r0 \|\| =2.20-r1 \|\| =2.21-r0 \|\| =2.21.1-r0 \|\| =2.21.2-r0 \|\| =2.22.1-r0 \|\| =2.22.2-r0 \|\| =2.23.1-r0 \|\| =2.23.2-r0 \|\| =2.23.2-r1 \|\| =2.23.2-r2 \|\| =2.23.2-r3 \|\| =2.23.2-r4 \|\| =2.23.2-r5 \|\| =2.24.2-r0 \|\| =2.24.2-r1 \|\| =2.24.2-r2 \|\| =2.24.2-r3 \|\| =2.24.2-r4 \|\| =2.25.2-r0 \|\| =2.25.2-r1 \|\| =2.25.2-r2 \|\| =2.26.1-r0 \|\| =2.26.2-r0 \|\| =2.26.2-r1 \|\| =2.27-r0 \|\| =2.27-r1 \|\| =2.27.1-r0 \|\| =2.27.1-r1 \|\| =2.28-r0 \|\| =2.28-r1 \|\| =2.28-r2 \|\| =2.28-r3 \|\| =2.28-r4 \|\| =2.28.1-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.28.2-r2 \|\| =2.30.1-r0 \|\| =2.30.2-r0 \|\| =2.31-r0 \|\| =2.32-r0 \|\| =2.33-r0 \|\| =2.33.2-r0 \|\| =2.34-r0 \|\| =2.34-r1 \|\| =2.35-r0 \|\| =2.35.1-r0 \|\| =2.35.1-r1 \|\| =2.35.1-r2 \|\| =2.35.1-r3 \|\| =2.35.1-r4 \|\| =2.35.2-r0 \|\| =2.35.2-r1 \|\| =2.35.2-r2 \|\| =2.36-r0 \|\| =2.36-r1 \|\| =2.36-r2 \|\| =2.36.1-r0 \|\| =2.36.1-r1 \|\| =2.36.2-r0 \|\| =2.36.2-r1 \|\| =2.36.2-r2 \|\| =2.37-r0 \|\| =2.37-r1 \|\| =2.37-r2 \|\| =2.37-r3 \|\| =2.37-r4 \|\| =2.37.1-r0 \|\| =2.37.2-r0 \|\| =2.37.2-r1 \|\| =2.37.2-r2 \|\| =2.37.2-r3 \|\| =2.37.2-r4 \|\| =2.37.2-r5 \|\| =2.37.2-r6 \|\| =2.37.2-r7 \|\| =2.37.3-r0 \|\| =2.37.3-r1 \|\| =2.37.4-r0 \|\| =2.37.4-r1 \|\| =2.38-r0 \|\| =2.38-r1 \|\| =2.38-r2 \|\| =2.38-r3 \|\| =2.38.1-r0 \|\| =2.38.1-r1 \|\| =2.38.1-r2 \|\| =2.38.1-r3 \|\| =2.38.1-r4 \|\| =2.38.1-r5 \|\| =2.38.1-r6 \|\| =2.38.1-r7 \|\| =2.38.1-r8 \|\| =2.39-r0 \|\| =2.39-r1 \|\| =2.39-r10 \|\| =2.39-r2 \|\| =2.39-r3 \|\| =2.39-r4 \|\| =2.39-r5 \|\| =2.39-r6 \|\| =2.39-r7 \|\| =2.39-r8 \|\| =2.39-r9 \|\| =2.39.1-r0 \|\| =2.39.2-r0 \|\| =2.39.2-r1 \|\| =2.39.3-r0 \|\| =2.39.3-r1 \|\| =2.39.3-r2 \|\| >=0 <2.40-r0	2.40-r0
debian 12	util-linux	=2.38.1-5 \|\| >=0 <2.38.1-5+deb12u1	2.38.1-5+deb12u1
alpine v3.21	util-linux	=2.14.1-r0 \|\| =2.14.1-r1 \|\| =2.14.2-r0 \|\| =2.16-r0 \|\| =2.16-r1 \|\| =2.16-r2 \|\| =2.16.2-r0 \|\| =2.17-r0 \|\| =2.17.1-r0 \|\| =2.17.1-r1 \|\| =2.17.2-r0 \|\| =2.18-r0 \|\| =2.18-r1 \|\| =2.18-r2 \|\| =2.19.1-r0 \|\| =2.19.1-r1 \|\| =2.19.1-r2 \|\| =2.20-r0 \|\| =2.20-r1 \|\| =2.21-r0 \|\| =2.21.1-r0 \|\| =2.21.2-r0 \|\| =2.22.1-r0 \|\| =2.22.2-r0 \|\| =2.23.1-r0 \|\| =2.23.2-r0 \|\| =2.23.2-r1 \|\| =2.23.2-r2 \|\| =2.23.2-r3 \|\| =2.23.2-r4 \|\| =2.23.2-r5 \|\| =2.24.2-r0 \|\| =2.24.2-r1 \|\| =2.24.2-r2 \|\| =2.24.2-r3 \|\| =2.24.2-r4 \|\| =2.25.2-r0 \|\| =2.25.2-r1 \|\| =2.25.2-r2 \|\| =2.26.1-r0 \|\| =2.26.2-r0 \|\| =2.26.2-r1 \|\| =2.27-r0 \|\| =2.27-r1 \|\| =2.27.1-r0 \|\| =2.27.1-r1 \|\| =2.28-r0 \|\| =2.28-r1 \|\| =2.28-r2 \|\| =2.28-r3 \|\| =2.28-r4 \|\| =2.28.1-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.28.2-r2 \|\| =2.30.1-r0 \|\| =2.30.2-r0 \|\| =2.31-r0 \|\| =2.32-r0 \|\| =2.33-r0 \|\| =2.33.2-r0 \|\| =2.34-r0 \|\| =2.34-r1 \|\| =2.35-r0 \|\| =2.35.1-r0 \|\| =2.35.1-r1 \|\| =2.35.1-r2 \|\| =2.35.1-r3 \|\| =2.35.1-r4 \|\| =2.35.2-r0 \|\| =2.35.2-r1 \|\| =2.35.2-r2 \|\| =2.36-r0 \|\| =2.36-r1 \|\| =2.36-r2 \|\| =2.36.1-r0 \|\| =2.36.1-r1 \|\| =2.36.2-r0 \|\| =2.36.2-r1 \|\| =2.36.2-r2 \|\| =2.37-r0 \|\| =2.37-r1 \|\| =2.37-r2 \|\| =2.37-r3 \|\| =2.37-r4 \|\| =2.37.1-r0 \|\| =2.37.2-r0 \|\| =2.37.2-r1 \|\| =2.37.2-r2 \|\| =2.37.2-r3 \|\| =2.37.2-r4 \|\| =2.37.2-r5 \|\| =2.37.2-r6 \|\| =2.37.2-r7 \|\| =2.37.3-r0 \|\| =2.37.3-r1 \|\| =2.37.4-r0 \|\| =2.37.4-r1 \|\| =2.38-r0 \|\| =2.38-r1 \|\| =2.38-r2 \|\| =2.38-r3 \|\| =2.38.1-r0 \|\| =2.38.1-r1 \|\| =2.38.1-r2 \|\| =2.38.1-r3 \|\| =2.38.1-r4 \|\| =2.38.1-r5 \|\| =2.38.1-r6 \|\| =2.38.1-r7 \|\| =2.38.1-r8 \|\| =2.39-r0 \|\| =2.39-r1 \|\| =2.39-r10 \|\| =2.39-r2 \|\| =2.39-r3 \|\| =2.39-r4 \|\| =2.39-r5 \|\| =2.39-r6 \|\| =2.39-r7 \|\| =2.39-r8 \|\| =2.39-r9 \|\| =2.39.1-r0 \|\| =2.39.2-r0 \|\| =2.39.2-r1 \|\| =2.39.3-r0 \|\| =2.39.3-r1 \|\| =2.39.3-r2 \|\| >=0 <2.40-r0	2.40-r0
alpine v3.22	util-linux	=2.14.1-r0 \|\| =2.14.1-r1 \|\| =2.14.2-r0 \|\| =2.16-r0 \|\| =2.16-r1 \|\| =2.16-r2 \|\| =2.16.2-r0 \|\| =2.17-r0 \|\| =2.17.1-r0 \|\| =2.17.1-r1 \|\| =2.17.2-r0 \|\| =2.18-r0 \|\| =2.18-r1 \|\| =2.18-r2 \|\| =2.19.1-r0 \|\| =2.19.1-r1 \|\| =2.19.1-r2 \|\| =2.20-r0 \|\| =2.20-r1 \|\| =2.21-r0 \|\| =2.21.1-r0 \|\| =2.21.2-r0 \|\| =2.22.1-r0 \|\| =2.22.2-r0 \|\| =2.23.1-r0 \|\| =2.23.2-r0 \|\| =2.23.2-r1 \|\| =2.23.2-r2 \|\| =2.23.2-r3 \|\| =2.23.2-r4 \|\| =2.23.2-r5 \|\| =2.24.2-r0 \|\| =2.24.2-r1 \|\| =2.24.2-r2 \|\| =2.24.2-r3 \|\| =2.24.2-r4 \|\| =2.25.2-r0 \|\| =2.25.2-r1 \|\| =2.25.2-r2 \|\| =2.26.1-r0 \|\| =2.26.2-r0 \|\| =2.26.2-r1 \|\| =2.27-r0 \|\| =2.27-r1 \|\| =2.27.1-r0 \|\| =2.27.1-r1 \|\| =2.28-r0 \|\| =2.28-r1 \|\| =2.28-r2 \|\| =2.28-r3 \|\| =2.28-r4 \|\| =2.28.1-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.28.2-r2 \|\| =2.30.1-r0 \|\| =2.30.2-r0 \|\| =2.31-r0 \|\| =2.32-r0 \|\| =2.33-r0 \|\| =2.33.2-r0 \|\| =2.34-r0 \|\| =2.34-r1 \|\| =2.35-r0 \|\| =2.35.1-r0 \|\| =2.35.1-r1 \|\| =2.35.1-r2 \|\| =2.35.1-r3 \|\| =2.35.1-r4 \|\| =2.35.2-r0 \|\| =2.35.2-r1 \|\| =2.35.2-r2 \|\| =2.36-r0 \|\| =2.36-r1 \|\| =2.36-r2 \|\| =2.36.1-r0 \|\| =2.36.1-r1 \|\| =2.36.2-r0 \|\| =2.36.2-r1 \|\| =2.36.2-r2 \|\| =2.37-r0 \|\| =2.37-r1 \|\| =2.37-r2 \|\| =2.37-r3 \|\| =2.37-r4 \|\| =2.37.1-r0 \|\| =2.37.2-r0 \|\| =2.37.2-r1 \|\| =2.37.2-r2 \|\| =2.37.2-r3 \|\| =2.37.2-r4 \|\| =2.37.2-r5 \|\| =2.37.2-r6 \|\| =2.37.2-r7 \|\| =2.37.3-r0 \|\| =2.37.3-r1 \|\| =2.37.4-r0 \|\| =2.37.4-r1 \|\| =2.38-r0 \|\| =2.38-r1 \|\| =2.38-r2 \|\| =2.38-r3 \|\| =2.38.1-r0 \|\| =2.38.1-r1 \|\| =2.38.1-r2 \|\| =2.38.1-r3 \|\| =2.38.1-r4 \|\| =2.38.1-r5 \|\| =2.38.1-r6 \|\| =2.38.1-r7 \|\| =2.38.1-r8 \|\| =2.39-r0 \|\| =2.39-r1 \|\| =2.39-r10 \|\| =2.39-r2 \|\| =2.39-r3 \|\| =2.39-r4 \|\| =2.39-r5 \|\| =2.39-r6 \|\| =2.39-r7 \|\| =2.39-r8 \|\| =2.39-r9 \|\| =2.39.1-r0 \|\| =2.39.2-r0 \|\| =2.39.2-r1 \|\| =2.39.3-r0 \|\| =2.39.3-r1 \|\| =2.39.3-r2 \|\| >=0 <2.40-r0	2.40-r0
debian 11	util-linux	=2.36.1-8 \|\| =2.36.1-8+deb11u1 \|\| >=0 <2.36.1-8+deb11u2	2.36.1-8+deb11u2
debian 13	util-linux	>=0 <2.39.3-11	2.39.3-11
debian 14	util-linux	>=0 <2.39.3-11	2.39.3-11
alpine v3.23	util-linux	=2.14.1-r0 \|\| =2.14.1-r1 \|\| =2.14.2-r0 \|\| =2.16-r0 \|\| =2.16-r1 \|\| =2.16-r2 \|\| =2.16.2-r0 \|\| =2.17-r0 \|\| =2.17.1-r0 \|\| =2.17.1-r1 \|\| =2.17.2-r0 \|\| =2.18-r0 \|\| =2.18-r1 \|\| =2.18-r2 \|\| =2.19.1-r0 \|\| =2.19.1-r1 \|\| =2.19.1-r2 \|\| =2.20-r0 \|\| =2.20-r1 \|\| =2.21-r0 \|\| =2.21.1-r0 \|\| =2.21.2-r0 \|\| =2.22.1-r0 \|\| =2.22.2-r0 \|\| =2.23.1-r0 \|\| =2.23.2-r0 \|\| =2.23.2-r1 \|\| =2.23.2-r2 \|\| =2.23.2-r3 \|\| =2.23.2-r4 \|\| =2.23.2-r5 \|\| =2.24.2-r0 \|\| =2.24.2-r1 \|\| =2.24.2-r2 \|\| =2.24.2-r3 \|\| =2.24.2-r4 \|\| =2.25.2-r0 \|\| =2.25.2-r1 \|\| =2.25.2-r2 \|\| =2.26.1-r0 \|\| =2.26.2-r0 \|\| =2.26.2-r1 \|\| =2.27-r0 \|\| =2.27-r1 \|\| =2.27.1-r0 \|\| =2.27.1-r1 \|\| =2.28-r0 \|\| =2.28-r1 \|\| =2.28-r2 \|\| =2.28-r3 \|\| =2.28-r4 \|\| =2.28.1-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.28.2-r2 \|\| =2.30.1-r0 \|\| =2.30.2-r0 \|\| =2.31-r0 \|\| =2.32-r0 \|\| =2.33-r0 \|\| =2.33.2-r0 \|\| =2.34-r0 \|\| =2.34-r1 \|\| =2.35-r0 \|\| =2.35.1-r0 \|\| =2.35.1-r1 \|\| =2.35.1-r2 \|\| =2.35.1-r3 \|\| =2.35.1-r4 \|\| =2.35.2-r0 \|\| =2.35.2-r1 \|\| =2.35.2-r2 \|\| =2.36-r0 \|\| =2.36-r1 \|\| =2.36-r2 \|\| =2.36.1-r0 \|\| =2.36.1-r1 \|\| =2.36.2-r0 \|\| =2.36.2-r1 \|\| =2.36.2-r2 \|\| =2.37-r0 \|\| =2.37-r1 \|\| =2.37-r2 \|\| =2.37-r3 \|\| =2.37-r4 \|\| =2.37.1-r0 \|\| =2.37.2-r0 \|\| =2.37.2-r1 \|\| =2.37.2-r2 \|\| =2.37.2-r3 \|\| =2.37.2-r4 \|\| =2.37.2-r5 \|\| =2.37.2-r6 \|\| =2.37.2-r7 \|\| =2.37.3-r0 \|\| =2.37.3-r1 \|\| =2.37.4-r0 \|\| =2.37.4-r1 \|\| =2.38-r0 \|\| =2.38-r1 \|\| =2.38-r2 \|\| =2.38-r3 \|\| =2.38.1-r0 \|\| =2.38.1-r1 \|\| =2.38.1-r2 \|\| =2.38.1-r3 \|\| =2.38.1-r4 \|\| =2.38.1-r5 \|\| =2.38.1-r6 \|\| =2.38.1-r7 \|\| =2.38.1-r8 \|\| =2.39-r0 \|\| =2.39-r1 \|\| =2.39-r10 \|\| =2.39-r2 \|\| =2.39-r3 \|\| =2.39-r4 \|\| =2.39-r5 \|\| =2.39-r6 \|\| =2.39-r7 \|\| =2.39-r8 \|\| =2.39-r9 \|\| =2.39.1-r0 \|\| =2.39.2-r0 \|\| =2.39.2-r1 \|\| =2.39.3-r0 \|\| =2.39.3-r1 \|\| =2.39.3-r2 \|\| >=0 <2.40-r0	2.40-r0

Aliases

1. CVE-2024-280852. NVD-2024-280853. OSV-ALPINE-2024-280854. OSV-2024-280855. OSV-DEBIAN-2024-280856. SECURITY-CVE-2024-280857. SECURITY-TRACKER-CVE-2024-28085

References

1. https://github.com/skyler-ferrante/CVE-2024-28085

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.