Headline

CVE-2023-39150: gh-2536: Do not emit control characters in title reports (capability … · Maximus5/ConEmu@60683a1

ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.

1 year ago

CVE

Open in Source

#c++

Expand Up

@@ -985,7 +985,7 @@ bool SrvAnsiImpl::ReportString(LPCWSTR asRet)

LPCWSTR pc = asRet;

for (int i = 0; i < nLen; i++, p++, pc++)

{

const char ch = *pc >= 0x20 ? *pc : L’ ';

const char ch = (*pc == 0x1B || *pc >= 0x20) ? *pc : L’ ';

p->EventType = KEY_EVENT;

p->Event.KeyEvent.bKeyDown = TRUE;

p->Event.KeyEvent.wRepeatCount = 1;

Expand Down Expand Up

@@ -2474,4 +2474,3 @@ void SrvAnsiImpl::XTermAltBuffer(bool bSetAltBuffer/*, condata::TablePtr& table*

}

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

12 months ago

CVE

Open in Source

#xss #vulnerability #web #mac #windows #apple #linux #debian #red_hat #dos #git #kubernetes #rce #perl #pdf #buffer_overflow #auth #ssh #ssl

CVE-2022-47583: "[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

12 months ago

CVE

Open in Source

#xss #vulnerability #web #mac #windows #apple #linux #debian #red_hat #dos #git #kubernetes #rce #perl #pdf #buffer_overflow #auth #ssh #ssl

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

10 months ago

10 months ago

10 months ago

10 months ago

10 months ago

Headline

CVE-2023-39150: gh-2536: Do not emit control characters in title reports (capability … · Maximus5/ConEmu@60683a1

Related news

CVE: Latest News