CVE-2023-46300

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
Configurations

Configuration 1 (hide)

cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:28

Type Values Removed Values Added
References () https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce - Exploit, Third Party Advisory () https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce - Exploit, Third Party Advisory
References () https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 - Patch () https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 - Patch
References () https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 - Patch () https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 - Patch
References () https://iterm2.com/news.html - Release Notes () https://iterm2.com/news.html - Release Notes

31 Oct 2023, 17:08

Type Values Removed Values Added
CWE CWE-116
References (MISC) https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 - (MISC) https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 - Patch
References (MISC) https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce - (MISC) https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce - Exploit, Third Party Advisory
References (MISC) https://iterm2.com/news.html - (MISC) https://iterm2.com/news.html - Release Notes
References (MISC) https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 - (MISC) https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 - Patch
First Time Iterm2 iterm2
Iterm2
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*

22 Oct 2023, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-22 04:15

Updated : 2024-11-21 08:28


NVD link : CVE-2023-46300

Mitre link : CVE-2023-46300

CVE.ORG link : CVE-2023-46300


JSON object : View

Products Affected

iterm2

  • iterm2
CWE
CWE-116

Improper Encoding or Escaping of Output