Hanterm-XF Loop-Based Escape Sequence Denial of Service Vulnerability

The hanterm-xf terminal fails to sufficiently filter certain potentially malicious loop-based escape sequences, leaving the terminal open to attacks, including attacker-initiated tight loops that may exhaust CPU resources.

The problem has been reported to result from a lack of sufficient sanitization of potentially malicious escape sequences, which are handled by the DEC UDK processor implementation in the vulnerable terminal.

It is possible to exploit this issue if an attacker can cause malicious escape sequences to be displayed in a terminal window of a vulnerable terminal emulator.
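As a mitigation sketch for the display path described above, the following added example (not part of the original advisory and not hanterm-xf code) removes Device Control String sequences from untrusted bytes before they are written to a terminal. It goes beyond DECUDK to cover every DCS string, since DECUDK is one member of that family; the function name `strip_dcs`, its `eight_bit` parameter, and the sample input are assumptions made for illustration.

```python
ESC_DCS = b"\x1bP"   # 7-bit DCS introducer (ESC P); DECUDK is a DCS string
ESC_ST = b"\x1b\\"   # 7-bit String Terminator (ESC \)
C1_DCS = 0x90        # 8-bit DCS
C1_ST = 0x9C         # 8-bit ST


def strip_dcs(data: bytes, eight_bit: bool = True) -> tuple[bytes, int]:
    """Return (cleaned, removed): data with every DCS ... ST string removed.

    Works on a whole buffer, not a stream. An unterminated DCS is dropped
    through the end of the input (fail closed). Set eight_bit=False when the
    text is UTF-8, where 0x90 and 0x9C are ordinary continuation bytes.
    """
    out = bytearray()
    removed = 0
    in_dcs = False
    i = 0
    while i < len(data):
        pair = data[i:i + 2]
        byte = data[i]
        if not in_dcs:
            if pair == ESC_DCS:
                in_dcs, removed, i = True, removed + 1, i + 2
            elif eight_bit and byte == C1_DCS:
                in_dcs, removed, i = True, removed + 1, i + 1
            else:
                out.append(byte)   # ordinary text and non-DCS sequences pass
                i += 1
        elif pair == ESC_ST:
            in_dcs, i = False, i + 2
        elif eight_bit and byte == C1_ST:
            in_dcs, i = False, i + 1
        else:
            i += 1                 # discard the body of the DCS string
    return bytes(out), removed


if __name__ == "__main__":
    # Constructed sample: a log line with an embedded DCS string whose body
    # is a placeholder, followed by a harmless colour sequence that is kept.
    sample = b"login ok\n\x1bP<constructed body>\x1b\\\x1b[32mdone\x1b[0m\n"
    cleaned, count = strip_dcs(sample)
    print(f"removed {count} DCS string(s): {cleaned!r}")
```

The filter leaves other escape sequences in place, so it narrows exposure to this class of issue only; viewing untrusted files with a pager or tool that renders control bytes visibly remains the broader safeguard.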


 

Copyright 2010, SecurityFocus