CVE-2022-46387: ConEmu CVE-2022-46387

ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.

This is here to provide the needed details for CVE-2022-46387.

Product: "ConEmu-Maximus5", aka. ConEmu, https://conemu.github.io/

Vendor: Maksim Moisiuk

Fixed version: >= 221218 (released 18 December 2022).

Links:

  • https://conemu.github.io/blog/2022/12/18/Build-221218.html
  • https://github.com/cmderdev/cmder/releases/tag/v1.3.21

Vulnerability: A variant of CVE-2003-0063 (!): title reporting can lead to remote code execution.

Credit: David Leadbeater
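
A defensive check for the class of issue described above, as an added example that is not part of the advisory or of ConEmu's code: it scans untrusted bytes (a file, a log, command output) for title-setting and title-report request sequences and strips them before they reach a terminal. The sequence forms are the 7-bit ones documented for xterm and are assumed to match what the affected terminals parse; `SAMPLE` and the function names are constructed for illustration.

```python
import re

# 7-bit forms documented for xterm (assumed to match the affected terminals):
#   ESC ] 0|1|2 ; text (BEL | ESC \)   set icon name / window title
#   ESC [ 20 t  and  ESC [ 21 t        ask the terminal to report label / title
# An unterminated title sequence is matched up to the end of the data.
SET_TITLE = re.compile(rb"\x1b\]([012]);(.*?)(\x07|\x1b\\|\Z)", re.S)
REPORT_TITLE = re.compile(rb"\x1b\[(2[01])t")
CONTROL = re.compile(rb"[\x00-\x1f\x7f]")

# Constructed sample: a title containing a control byte, then a report request.
SAMPLE = b"line one\n\x1b]0;demo\x01title\x07line two\x1b[21t\n"


def scan(data: bytes) -> list:
    """Return one finding per title-set or title-report sequence in data."""
    findings = []
    for m in SET_TITLE.finditer(data):
        title = m.group(2)
        findings.append({
            "kind": "set-title",
            "offset": m.start(),
            "title": title,
            # Control bytes inside a title are what the advisory warns about.
            "control_chars": bool(CONTROL.search(title)),
            "terminated": m.group(3) != b"",
        })
    for m in REPORT_TITLE.finditer(data):
        findings.append({"kind": "report-title", "offset": m.start()})
    return sorted(findings, key=lambda f: f["offset"])


def sanitize(data: bytes) -> bytes:
    """Drop both sequence types; other escapes (e.g. colours) are kept."""
    return REPORT_TITLE.sub(b"", SET_TITLE.sub(b"", data))


def risky(data: bytes) -> bool:
    """True when data both sets a title and asks for it to be reported back."""
    kinds = {f["kind"] for f in scan(data)}
    return {"set-title", "report-title"} <= kinds


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(sanitize(SAMPLE))
```

The 8-bit C1 introducers are not handled here, because in UTF-8 input those byte values also occur inside ordinary multi-byte characters.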

Related news

CVE-2023-39726: ""?! ANSI Terminal security in 2023 and finding 10 CVEs

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

CVE-2022-23465: Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malici

SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available.