iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
References
Link | Resource |
---|---|
https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce | Exploit Third Party Advisory |
https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b | Patch |
https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 | Patch |
https://iterm2.com/news.html | Release Notes |
Configurations
History
31 Oct 2023, 17:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Iterm2 iterm2
Iterm2 |
|
CWE | CWE-116 | |
CPE | cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b - Patch | |
References | (MISC) https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce - Exploit, Third Party Advisory | |
References | (MISC) https://iterm2.com/news.html - Release Notes | |
References | (MISC) https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 - Patch |
22 Oct 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-22 04:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-46301
Mitre link : CVE-2023-46301
CVE.ORG link : CVE-2023-46301
JSON object : View
Products Affected
iterm2
- iterm2
CWE
CWE-116
Improper Encoding or Escaping of Output