{"id":"ALPINE-CVE-2024-28085","details":"wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.","modified":"2026-03-09T01:28:27.652991Z","published":"2024-03-27T19:15:48.367Z","upstream":["CVE-2024-28085"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2024-28085"}],"affected":[{"package":{"name":"util-linux","ecosystem":"Alpine:v3.20","purl":"pkg:apk/alpine/util-linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40-r0"}]}],"versions":["2.14.1-r0","2.14.1-r1","2.14.2-r0","2.16-r0","2.16-r1","2.16-r2","2.16.2-r0","2.17-r0","2.17.1-r0","2.17.1-r1","2.17.2-r0","2.18-r0","2.18-r1","2.18-r2","2.19.1-r0","2.19.1-r1","2.19.1-r2","2.20-r0","2.20-r1","2.21-r0","2.21.1-r0","2.21.2-r0","2.22.1-r0","2.22.2-r0","2.23.1-r0","2.23.2-r0","2.23.2-r1","2.23.2-r2","2.23.2-r3","2.23.2-r4","2.23.2-r5","2.24.2-r0","2.24.2-r1","2.24.2-r2","2.24.2-r3","2.24.2-r4","2.25.2-r0","2.25.2-r1","2.25.2-r2","2.26.1-r0","2.26.2-r0","2.26.2-r1","2.27-r0","2.27-r1","2.27.1-r0","2.27.1-r1","2.28-r0","2.28-r1","2.28-r2","2.28-r3","2.28-r4","2.28.1-r0","2.28.2-r0","2.28.2-r1","2.28.2-r2","2.30.1-r0","2.30.2-r0","2.31-r0","2.32-r0","2.33-r0","2.33.2-r0","2.34-r0","2.34-r1","2.35-r0","2.35.1-r0","2.35.1-r1","2.35.1-r2","2.35.1-r3","2.35.1-r4","2.35.2-r0","2.35.2-r1","2.35.2-r2","2.36-r0","2.36-r1","2.36-r2","2.36.1-r0","2.36.1-r1","2.36.2-r0","2.36.2-r1","2.36.2-r2","2.37-r0","2.37-r1","2.37-r2","2.37-r3","2.37-r4","2.37.1-r0","2.37.2-r0","2.37.2-r1","2.37.2-r2","2.37.2-r3","2.37.2-r4","2.37.2-r5","2.37.2-r6","2.37.2-r7","2.37.3-r0","2.37.3-r1","2.37.4-r0","2.37.4-r1","2.38-r0","2.38-r1","2.38-r2","2.38-r3","2.38.1-r0","2.38.1-r1","2.38.1-r2","2.38.1-r3","2.38.1-r4","2.38.1-r5","2.38.1-r6","2.38.1-r7","2.38.1-r8","2.39-r0","2.39-r1","2.39-r10","2.39-r2","2.39-r3","2.39-r4","2.39-r5","2.39-r6","2.39-r7","2.39-r8","2.39-r9","2.39.1-r0","2.39.2-r0","2.39.2-r1","2.39.3-r0","2.39.3-r1","2.39.3-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2024-28085.json"}},{"package":{"name":"util-linux","ecosystem":"Alpine:v3.21","purl":"pkg:apk/alpine/util-linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40-r0"}]}],"versions":["2.14.1-r0","2.14.1-r1","2.14.2-r0","2.16-r0","2.16-r1","2.16-r2","2.16.2-r0","2.17-r0","2.17.1-r0","2.17.1-r1","2.17.2-r0","2.18-r0","2.18-r1","2.18-r2","2.19.1-r0","2.19.1-r1","2.19.1-r2","2.20-r0","2.20-r1","2.21-r0","2.21.1-r0","2.21.2-r0","2.22.1-r0","2.22.2-r0","2.23.1-r0","2.23.2-r0","2.23.2-r1","2.23.2-r2","2.23.2-r3","2.23.2-r4","2.23.2-r5","2.24.2-r0","2.24.2-r1","2.24.2-r2","2.24.2-r3","2.24.2-r4","2.25.2-r0","2.25.2-r1","2.25.2-r2","2.26.1-r0","2.26.2-r0","2.26.2-r1","2.27-r0","2.27-r1","2.27.1-r0","2.27.1-r1","2.28-r0","2.28-r1","2.28-r2","2.28-r3","2.28-r4","2.28.1-r0","2.28.2-r0","2.28.2-r1","2.28.2-r2","2.30.1-r0","2.30.2-r0","2.31-r0","2.32-r0","2.33-r0","2.33.2-r0","2.34-r0","2.34-r1","2.35-r0","2.35.1-r0","2.35.1-r1","2.35.1-r2","2.35.1-r3","2.35.1-r4","2.35.2-r0","2.35.2-r1","2.35.2-r2","2.36-r0","2.36-r1","2.36-r2","2.36.1-r0","2.36.1-r1","2.36.2-r0","2.36.2-r1","2.36.2-r2","2.37-r0","2.37-r1","2.37-r2","2.37-r3","2.37-r4","2.37.1-r0","2.37.2-r0","2.37.2-r1","2.37.2-r2","2.37.2-r3","2.37.2-r4","2.37.2-r5","2.37.2-r6","2.37.2-r7","2.37.3-r0","2.37.3-r1","2.37.4-r0","2.37.4-r1","2.38-r0","2.38-r1","2.38-r2","2.38-r3","2.38.1-r0","2.38.1-r1","2.38.1-r2","2.38.1-r3","2.38.1-r4","2.38.1-r5","2.38.1-r6","2.38.1-r7","2.38.1-r8","2.39-r0","2.39-r1","2.39-r10","2.39-r2","2.39-r3","2.39-r4","2.39-r5","2.39-r6","2.39-r7","2.39-r8","2.39-r9","2.39.1-r0","2.39.2-r0","2.39.2-r1","2.39.3-r0","2.39.3-r1","2.39.3-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2024-28085.json"}},{"package":{"name":"util-linux","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/util-linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40-r0"}]}],"versions":["2.14.1-r0","2.14.1-r1","2.14.2-r0","2.16-r0","2.16-r1","2.16-r2","2.16.2-r0","2.17-r0","2.17.1-r0","2.17.1-r1","2.17.2-r0","2.18-r0","2.18-r1","2.18-r2","2.19.1-r0","2.19.1-r1","2.19.1-r2","2.20-r0","2.20-r1","2.21-r0","2.21.1-r0","2.21.2-r0","2.22.1-r0","2.22.2-r0","2.23.1-r0","2.23.2-r0","2.23.2-r1","2.23.2-r2","2.23.2-r3","2.23.2-r4","2.23.2-r5","2.24.2-r0","2.24.2-r1","2.24.2-r2","2.24.2-r3","2.24.2-r4","2.25.2-r0","2.25.2-r1","2.25.2-r2","2.26.1-r0","2.26.2-r0","2.26.2-r1","2.27-r0","2.27-r1","2.27.1-r0","2.27.1-r1","2.28-r0","2.28-r1","2.28-r2","2.28-r3","2.28-r4","2.28.1-r0","2.28.2-r0","2.28.2-r1","2.28.2-r2","2.30.1-r0","2.30.2-r0","2.31-r0","2.32-r0","2.33-r0","2.33.2-r0","2.34-r0","2.34-r1","2.35-r0","2.35.1-r0","2.35.1-r1","2.35.1-r2","2.35.1-r3","2.35.1-r4","2.35.2-r0","2.35.2-r1","2.35.2-r2","2.36-r0","2.36-r1","2.36-r2","2.36.1-r0","2.36.1-r1","2.36.2-r0","2.36.2-r1","2.36.2-r2","2.37-r0","2.37-r1","2.37-r2","2.37-r3","2.37-r4","2.37.1-r0","2.37.2-r0","2.37.2-r1","2.37.2-r2","2.37.2-r3","2.37.2-r4","2.37.2-r5","2.37.2-r6","2.37.2-r7","2.37.3-r0","2.37.3-r1","2.37.4-r0","2.37.4-r1","2.38-r0","2.38-r1","2.38-r2","2.38-r3","2.38.1-r0","2.38.1-r1","2.38.1-r2","2.38.1-r3","2.38.1-r4","2.38.1-r5","2.38.1-r6","2.38.1-r7","2.38.1-r8","2.39-r0","2.39-r1","2.39-r10","2.39-r2","2.39-r3","2.39-r4","2.39-r5","2.39-r6","2.39-r7","2.39-r8","2.39-r9","2.39.1-r0","2.39.2-r0","2.39.2-r1","2.39.3-r0","2.39.3-r1","2.39.3-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2024-28085.json"}},{"package":{"name":"util-linux","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/util-linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40-r0"}]}],"versions":["2.14.1-r0","2.14.1-r1","2.14.2-r0","2.16-r0","2.16-r1","2.16-r2","2.16.2-r0","2.17-r0","2.17.1-r0","2.17.1-r1","2.17.2-r0","2.18-r0","2.18-r1","2.18-r2","2.19.1-r0","2.19.1-r1","2.19.1-r2","2.20-r0","2.20-r1","2.21-r0","2.21.1-r0","2.21.2-r0","2.22.1-r0","2.22.2-r0","2.23.1-r0","2.23.2-r0","2.23.2-r1","2.23.2-r2","2.23.2-r3","2.23.2-r4","2.23.2-r5","2.24.2-r0","2.24.2-r1","2.24.2-r2","2.24.2-r3","2.24.2-r4","2.25.2-r0","2.25.2-r1","2.25.2-r2","2.26.1-r0","2.26.2-r0","2.26.2-r1","2.27-r0","2.27-r1","2.27.1-r0","2.27.1-r1","2.28-r0","2.28-r1","2.28-r2","2.28-r3","2.28-r4","2.28.1-r0","2.28.2-r0","2.28.2-r1","2.28.2-r2","2.30.1-r0","2.30.2-r0","2.31-r0","2.32-r0","2.33-r0","2.33.2-r0","2.34-r0","2.34-r1","2.35-r0","2.35.1-r0","2.35.1-r1","2.35.1-r2","2.35.1-r3","2.35.1-r4","2.35.2-r0","2.35.2-r1","2.35.2-r2","2.36-r0","2.36-r1","2.36-r2","2.36.1-r0","2.36.1-r1","2.36.2-r0","2.36.2-r1","2.36.2-r2","2.37-r0","2.37-r1","2.37-r2","2.37-r3","2.37-r4","2.37.1-r0","2.37.2-r0","2.37.2-r1","2.37.2-r2","2.37.2-r3","2.37.2-r4","2.37.2-r5","2.37.2-r6","2.37.2-r7","2.37.3-r0","2.37.3-r1","2.37.4-r0","2.37.4-r1","2.38-r0","2.38-r1","2.38-r2","2.38-r3","2.38.1-r0","2.38.1-r1","2.38.1-r2","2.38.1-r3","2.38.1-r4","2.38.1-r5","2.38.1-r6","2.38.1-r7","2.38.1-r8","2.39-r0","2.39-r1","2.39-r10","2.39-r2","2.39-r3","2.39-r4","2.39-r5","2.39-r6","2.39-r7","2.39-r8","2.39-r9","2.39.1-r0","2.39.2-r0","2.39.2-r1","2.39.3-r0","2.39.3-r1","2.39.3-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2024-28085.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}