Headline
CVE-2023-39150: gh-2536: Do not emit control characters in title reports (capability … · Maximus5/ConEmu@60683a1
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.
@@ -985,7 +985,7 @@ bool SrvAnsiImpl::ReportString(LPCWSTR asRet)
LPCWSTR pc = asRet;
for (int i = 0; i < nLen; i++, p++, pc++)
{
const char ch = *pc >= 0x20 ? *pc : L’ ';
const char ch = (*pc == 0x1B || *pc >= 0x20) ? *pc : L’ ';
p->EventType = KEY_EVENT;
p->Event.KeyEvent.bKeyDown = TRUE;
p->Event.KeyEvent.wRepeatCount = 1;
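Review bot: The replaced condition on the `const char ch` line now lets 0x1B through `ReportString` for every caller, so this function no longer protects a report built from untrusted text such as the window title. That filtering has to happen where the title report is assembled, which these lines do not show. A comment above the loop stating that callers must strip control characters from untrusted content before calling `ReportString` would make that contract explicit. Two smaller points on the same line: `*pc >= 0x20` still accepts 0x7F and the C1 range 0x80-0x9F, and `ch` is a `char` initialised from a wide character (`pc` is an `LPCWSTR`), so the range check runs on the wide value while the stored value is narrowed. Declaring `ch` as `wchar_t`, or testing the value after conversion, would keep the check and the result in agreement.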
@@ -2474,4 +2474,3 @@ void SrvAnsiImpl::XTermAltBuffer(bool bSetAltBuffer/*, condata::TablePtr& table*
}
}
Related news
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.