
CVE-2023-39150: gh-2536: Do not emit control characters in title reports (capability … · Maximus5/ConEmu@60683a1

ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.


@@ -985,7 +985,7 @@ bool SrvAnsiImpl::ReportString(LPCWSTR asRet)

LPCWSTR pc = asRet;

for (int i = 0; i < nLen; i++, p++, pc++)

{

const char ch = *pc >= 0x20 ? *pc : L’ ';

const char ch = (*pc == 0x1B || *pc >= 0x20) ? *pc : L’ ';

p->EventType = KEY_EVENT;

p->Event.KeyEvent.bKeyDown = TRUE;

p->Event.KeyEvent.wRepeatCount = 1;
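Review bot: in `ReportString`, the filter tests the wide character `*pc` but stores the result in a `const char`, so the value that is kept is not the value that was tested. A code unit above 0xFF passes `*pc >= 0x20` and is then narrowed, and 0x7F passes as well; compare the narrowed value, or reject anything outside 0x20..0x7E, before assigning it. The +/- markers did not survive on this page; if the second `const char ch` line is the added one, this function now lets 0x1B through, so the title text has to be stripped of ESC and other control characters before it reaches `ReportString`, and nothing in this hunk shows that. A comment on that line saying which callers are expected to pre-sanitize would make the contract visible.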


@@ -2474,4 +2474,3 @@ void SrvAnsiImpl::XTermAltBuffer(bool bSetAltBuffer/*, condata::TablePtr& table*

}

}
