CVE-2022-24952
CVE-2022-24952 is a medium-severity vulnerability in Eternal Terminal Project Eternal Terminal with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- EPSS exploit prediction: 1% (66th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Eternal Terminal Project Eternal Terminal
- Published:
- Last modified:
Description
Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket.
Frequently asked questions
- What is CVE-2022-24952?
- Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket.
- How severe is CVE-2022-24952?
- CVE-2022-24952 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2022-24952 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (66th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-24952?
- CVE-2022-24952 affects Eternal Terminal Project Eternal Terminal. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-24952?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-24952 published?
- CVE-2022-24952 was published on 2022-08-16 and last updated on 2026-06-17.
References
- http://www.openwall.com/lists/oss-security/2023/02/16/1
- https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8cw3-6r98-g7cw
Affected products (1)
- cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:*
More vulnerabilities in Eternal Terminal Project Eternal Terminal
- CVE-2022-24950 — High (CVSS 7.5): A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack…
- CVE-2022-24949 — High (CVSS 7.5): A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a…
- CVE-2022-24951 — High (CVSS 7.0): A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal…
- CVE-2023-23558 — Medium (CVSS 6.3): In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create…
- CVE-2022-48258 — Medium (CVSS 5.3): In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles.
- CVE-2022-48257 — Medium (CVSS 5.3): In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.
All CVEs affecting Eternal Terminal Project Eternal Terminal →
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →