CVE-2022-46387: ConEmu CVE-2022-46387
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
This is here to provide the needed details for CVE-2022-46387.
Product: "ConEmu-Maximus5", aka ConEmu, https://conemu.github.io/
Vendor: Maksim Moisiuk
Fixed version: >= 221218 (released 18 December 2022).
Links:
- https://conemu.github.io/blog/2022/12/18/Build-221218.html
- https://github.com/cmderdev/cmder/releases/tag/v1.3.21
Vulnerability: A variant of CVE-2003-0063 (!): title reporting can lead to remote code execution.
Credit: David Leadbeater
Related news
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.
SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available.
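
A defensive check for the issue class described above, as an added example that is not code from ConEmu, Cmder or the other projects named on this page: before untrusted bytes (a log, a downloaded file) are shown in a terminal, it reports title-setting sequences and renders every control character visibly so none reaches the emulator. The names `scan`, `neutralize`, `is_control` and the sample input are constructed for illustration; it assumes UTF-8 input and the xterm convention that OSC 0, 1 and 2 set the title.

```python
import re

# OSC 0, 1 and 2 set the icon name and/or window title; the string ends at
# BEL or ST (ESC \ or U+009C). Assumption: the untrusted input is UTF-8.
TITLE_OSC = re.compile(r"(?:\x1b\]|\x9d)[012];(.*?)(?:\x07|\x1b\\|\x9c)", re.S)


def is_control(ch: str) -> bool:
    """True for C0 controls, DEL and C1 controls."""
    cp = ord(ch)
    return cp < 0x20 or cp == 0x7F or 0x80 <= cp <= 0x9F


def neutralize(text: str, keep: str = "\n\t") -> str:
    """Replace control characters (except those in keep) with visible \\xNN."""
    return "".join(
        ch if ch in keep or not is_control(ch) else f"\\x{ord(ch):02x}"
        for ch in text
    )


def scan(data: bytes) -> tuple[str, list[tuple[int, str, bool]]]:
    """Return (safe text, findings); a finding is (offset, title, has_control).

    offset is the character offset in the decoded text; has_control is True
    when the requested title itself carries control characters.
    """
    text = data.decode("utf-8", errors="replace")
    findings = []
    for m in TITLE_OSC.finditer(text):
        title = m.group(1)
        findings.append((m.start(), neutralize(title, keep=""),
                         any(is_control(c) for c in title)))
    return neutralize(text), findings


# Constructed sample: a log line followed by a title-setting sequence.
SAMPLE = b"GET /index.html 200\n\x1b]0;demo title\x07second line\n"

if __name__ == "__main__":
    safe, found = scan(SAMPLE)
    print(safe, end="")
    for offset, title, has_control in found:
        print(f"title change at offset {offset}: {title!r} control={has_control}")
```

Unterminated sequences are not listed as findings, but `neutralize` still escapes their introducer, so the safe text can be printed regardless.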