iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
References
Link | Resource |
---|---|
https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce | Exploit Third Party Advisory |
https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 | Patch |
https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 | Patch |
https://iterm2.com/news.html | Release Notes |
https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce | Exploit Third Party Advisory |
https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 | Patch |
https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 | Patch |
https://iterm2.com/news.html | Release Notes |
Configurations
History
21 Nov 2024, 08:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce - Exploit, Third Party Advisory | |
References | () https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 - Patch | |
References | () https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 - Patch | |
References | () https://iterm2.com/news.html - Release Notes |
31 Oct 2023, 17:08
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-116 | |
References | (MISC) https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 - Patch | |
References | (MISC) https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce - Exploit, Third Party Advisory | |
References | (MISC) https://iterm2.com/news.html - Release Notes | |
References | (MISC) https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 - Patch | |
First Time |
Iterm2 iterm2
Iterm2 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:* |
22 Oct 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-22 04:15
Updated : 2024-11-21 08:28
NVD link : CVE-2023-46300
Mitre link : CVE-2023-46300
CVE.ORG link : CVE-2023-46300
JSON object : View
Products Affected
iterm2
- iterm2
CWE
CWE-116
Improper Encoding or Escaping of Output