An out-of-bounds data access in minicom might allow remote attackers to execute arbitrary code.
|Package||net-dialup/minicom on all architectures|
|Affected versions||< 2.7.1|
|Unaffected versions||>= 2.7.1|
Minicom is a text-based serial port communications program.
In minicom before version 2.7.1, the escparms buffer in vt100.c is vulnerable to an overflow.
A remote attacker, able to connect to a minicom port, could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All minicom users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/minicom-2.7.1"
June 06, 2017
June 06, 2017: 1