Headline

CVE-2023-39150: gh-2536: Do not emit control characters in title reports (capability … · Maximus5/ConEmu@60683a1

ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.

1 year ago

CVE

Open in Source

#c++

Expand Up

@@ -985,7 +985,7 @@ bool SrvAnsiImpl::ReportString(LPCWSTR asRet)

LPCWSTR pc = asRet;

for (int i = 0; i < nLen; i++, p++, pc++)

{

const char ch = *pc >= 0x20 ? *pc : L’ ';

const char ch = (*pc == 0x1B || *pc >= 0x20) ? *pc : L’ ';

p->EventType = KEY_EVENT;

p->Event.KeyEvent.bKeyDown = TRUE;

p->Event.KeyEvent.wRepeatCount = 1;

Expand Down Expand Up

@@ -2474,4 +2474,3 @@ void SrvAnsiImpl::XTermAltBuffer(bool bSetAltBuffer/*, condata::TablePtr& table*

}

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

1 year ago

CVE

Open in Source

#xss #vulnerability #web #mac #windows #apple #linux #debian #red_hat #dos #git #kubernetes #rce #perl #pdf #buffer_overflow #auth #ssh #ssl

CVE-2022-47583: "[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

1 year ago

CVE

Open in Source

#xss #vulnerability #web #mac #windows #apple #linux #debian #red_hat #dos #git #kubernetes #rce #perl #pdf #buffer_overflow #auth #ssh #ssl

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago

Headline

CVE-2023-39150: gh-2536: Do not emit control characters in title reports (capability … · Maximus5/ConEmu@60683a1

Related news

CVE: Latest News