{"id":"CVE-2024-37535","details":"GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.","modified":"2026-04-16T04:31:59.617794898Z","published":"2024-06-09T15:16:00.940Z","related":["SUSE-SU-2024:2151-1","SUSE-SU-2024:2152-1","SUSE-SU-2024:2153-1","SUSE-SU-2024:2180-1","openSUSE-SU-2024:14284-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/06/09/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/06/09/2"},{"type":"WEB","url":"https://gitlab.gnome.org/GNOME/vte/-/tags/0.76.3"},{"type":"REPORT","url":"https://gitlab.gnome.org/GNOME/vte/-/issues/2786"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/vte","events":[{"introduced":"0"},{"fixed":"036bc3ddcbb56f05c6ca76712a53b89dee1369e2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.76.3"}]}}],"versions":["0.20.2","0.20.3","0.20.4","0.20.5","0.21.1","0.21.2","0.21.3","0.21.4","0.21.5","0.21.6","0.21.7","0.22.0","0.22.1","0.22.2","0.23.1","0.23.3","0.23.4","0.23.5","0.25.1","0.25.90","0.25.91","0.27.0","0.27.1","0.27.2","0.27.3","0.27.4","0.27.5","0.27.90","0.28.0","0.28.1","0.28.2","0.29.0","0.29.1","0.30.0","0.30.1","0.31.0","0.32.0","0.32.1","0.32.2","0.33.90","0.34.0","0.34.1","0.34.2","0.34.3","0.34.4","0.34.5","0.34.6","0.34.7","0.34.8","0.35.0","0.35.1","0.35.2","0.35.90","0.36.0","0.37.0","0.37.1","0.37.2","0.37.90","0.38.0","0.39.0","0.39.1","0.39.90","0.39.92","0.40.0","0.41.90","0.42.0","0.43.0","0.43.1","0.43.2","0.44.90","0.45.90","0.45.92","0.47.90","0.48.0","0.49.1","0.49.92","0.50.0","0.51.1","0.51.2","0.51.3","0.51.90","0.51.92","0.52.0","0.53.0","0.54.0","0.55.0","0.55.90","0.55.92","0.57.0","0.57.3","0.57.90","0.59.0","0.59.91","0.59.92","0.61.90","0.69.90","0.75.0","0.75.90","0.75.91","0.75.92","0.76.0","0.76.1","0.76.2","start","vte_0_1","vte_0_10","vte_0_10_1","vte_0_10_10","vte_0_10_11","vte_0_10_12","vte_0_10_13","vte_0_10_14","vte_0_10_15","vte_0_10_2","vte_0_10_3","vte_0_10_4","vte_0_10_5","vte_0_10_6","vte_0_10_7","vte_0_10_8","vte_0_10_9","vte_0_11_0","vte_0_11_1","vte_0_11_10","vte_0_11_11","vte_0_11_12","vte_0_11_13","vte_0_11_15","vte_0_11_16","vte_0_11_18","vte_0_11_19","vte_0_11_2","vte_0_11_20","vte_0_11_21","vte_0_11_3","vte_0_11_4","vte_0_11_5","vte_0_11_6","vte_0_11_7","vte_0_11_8","vte_0_11_9","vte_0_12_branchpoint","vte_0_13_0","vte_0_13_1","vte_0_13_2","vte_0_13_3","vte_0_13_4","vte_0_13_5","vte_0_13_6","vte_0_13_7","vte_0_14_0","vte_0_14_1","vte_0_14_2","vte_0_15_0","vte_0_15_1","vte_0_15_2","vte_0_15_3","vte_0_15_4","vte_0_15_5","vte_0_15_6","vte_0_16_0","vte_0_16_10","vte_0_16_11","vte_0_16_12","vte_0_16_13","vte_0_16_14","vte_0_16_2","vte_0_16_3","vte_0_16_4","vte_0_16_5","vte_0_16_6","vte_0_16_7","vte_0_16_8","vte_0_16_9","vte_0_17_1","vte_0_17_3","vte_0_17_4","vte_0_19_1","vte_0_19_2","vte_0_19_4","vte_0_2","vte_0_20_0","vte_0_20_1","vte_0_2_1","vte_0_2_2","vte_0_3","vte_0_3_1","vte_0_3_10","vte_0_3_11","vte_0_3_12","vte_0_3_13","vte_0_3_14","vte_0_3_15","vte_0_3_16","vte_0_3_17","vte_0_3_18","vte_0_3_19","vte_0_3_2","vte_0_3_20","vte_0_3_21","vte_0_3_22","vte_0_3_23","vte_0_3_24","vte_0_3_25","vte_0_3_26","vte_0_3_27","vte_0_3_28","vte_0_3_29","vte_0_3_3","vte_0_3_30","vte_0_3_4","vte_0_3_5","vte_0_3_6","vte_0_3_7","vte_0_3_8","vte_0_3_9","vte_0_4_0","vte_0_4_1","vte_0_4_2","vte_0_4_3","vte_0_4_4","vte_0_4_5","vte_0_4_6","vte_0_4_7","vte_0_4_8","vte_0_4_9","vte_0_5_0","vte_0_5_1","vte_0_5_2","vte_0_5_3","vte_0_5_4","vte_0_6_0","vte_0_7_0","vte_0_7_1","vte_0_7_2","vte_0_7_3","vte_0_7_4","vte_0_8_0","vte_0_8_1","vte_0_8_10","vte_0_8_11","vte_0_8_12","vte_0_8_13","vte_0_8_14","vte_0_8_15","vte_0_8_16","vte_0_8_17","vte_0_8_18","vte_0_8_19","vte_0_8_2","vte_0_8_3","vte_0_8_4","vte_0_8_5","vte_0_8_6","vte_0_8_7","vte_0_8_8","vte_0_8_9","vte_0_9_0","vte_0_9_2","vte_1_12_0","vte_1_16_1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37535.json","vanir_signatures_modified":"2026-04-12T09:00:31Z","vanir_signatures":[{"signature_type":"Function","source":"https://gitlab.gnome.org/GNOME/vte@036bc3ddcbb56f05c6ca76712a53b89dee1369e2","target":{"function":"Terminal::DECSLPP","file":"src/vteseq.cc"},"digest":{"length":251,"function_hash":"184464887280805746400262371858933326766"},"deprecated":false,"id":"CVE-2024-37535-203a2f07","signature_version":"v1"},{"source":"https://gitlab.gnome.org/GNOME/vte@036bc3ddcbb56f05c6ca76712a53b89dee1369e2","signature_type":"Line","target":{"file":"src/vteseq.cc"},"digest":{"line_hashes":["3394652492431585631647938777054486316","7214757030152729282405270559652280230","184386023528256436686934357265194591431","339797217110799662909908935495080308516","251226264557186976079735793543067597091","110413574504199279525424665576456110521","24928150135568699170973627826721783310","44306110985472685837854014218163327465","94793568906280392476254652890068900226","265742879073549731199040634172752716291","239484359530403561407063260597250954450","237279811986901572608657313104344121905","105043753082385837662206875099212854454","272260603254799486231053867970376648783","79057625205786640576819325669314203709","216662731912598164623875886417022305369"],"threshold":0.9},"deprecated":false,"id":"CVE-2024-37535-3059c9c8","signature_version":"v1"},{"source":"https://gitlab.gnome.org/GNOME/vte@036bc3ddcbb56f05c6ca76712a53b89dee1369e2","signature_type":"Function","target":{"function":"Terminal::emit_resize_window","file":"src/vteseq.cc"},"digest":{"length":216,"function_hash":"201700689538540842706838861456507260378"},"deprecated":false,"id":"CVE-2024-37535-df4c515d","signature_version":"v1"},{"signature_type":"Function","source":"https://gitlab.gnome.org/GNOME/vte@036bc3ddcbb56f05c6ca76712a53b89dee1369e2","target":{"function":"Terminal::XTERM_WM","file":"src/vteseq.cc"},"digest":{"length":4171,"function_hash":"135723172094254761722789082796980335999"},"deprecated":false,"id":"CVE-2024-37535-f090769c","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}