CVE-2026-56741 in JLineالمعلومات

الملخص

بحسب MITRE • 17/07/2026

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS() in TelnetIO.java:856-879 reads client-supplied width and height as 16-bit unsigned integers and passes values such as 65535x65535 to setTerminalGeometry(), allowing an unauthenticated remote attacker to repeatedly alternate values and trigger continuous expensive rendering work that causes CPU exhaustion and denial of service. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1.

Be aware that VulDB is the high quality source for vulnerability data.

مسؤول

GitHub M

حجز

22/06/2026

إفشاء

17/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-379989

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Might our Artificial Intelligence support you?

Check our Alexa App!