PT-2023-14924 · Conemu+1 · Conemu+1

David Leadbeater · Published 2023-03-28 · Updated 2024-03-16 · CVE-2022-46387

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

ConEmu versions prior to 220807
Cmder versions prior to 1.3.21

Description

The issue allows an attacker to set the terminal title to a string that includes control characters, which can then be executed as commands. This is related to the handling of ASCII escape sequences, which can alter terminal state, including executing commands in affected terminals.

Recommendations

Update ConEmu to version 220807 or later and Cmder to version 1.3.21 or later to resolve the issue. As a temporary workaround, consider restricting the use of control characters in terminal titles to minimize the risk of exploitation.
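For tools that print untrusted data (log lines, file names, HTTP headers) to a terminal, the workaround above can be applied on the output side. The following is an added example, not code from this advisory or from ConEmu or Cmder; it assumes the xterm-style title sequences (OSC 0, 1 and 2), and the function names and sample lines are constructed for illustration.

```python
import re

# xterm-style title sequence: ESC ] 0|1|2 ; <title> ended by BEL or ST (ESC \).
# The 8-bit introducer (0x9d) and terminator (0x9c) are matched as well.
OSC_TITLE = re.compile(r"(?:\x1b\]|\x9d)[012];(.*?)(?:\x07|\x1b\\|\x9c)", re.DOTALL)

# C0 controls except tab and newline, plus DEL and the C1 range.
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")
ANY_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def find_title_sequences(text):
    """Return the title strings that the text would ask a terminal to set."""
    return [m.group(1) for m in OSC_TITLE.finditer(text)]


def title_has_controls(title):
    """True when a requested title itself carries control characters."""
    return bool(ANY_CONTROL.search(title))


def sanitize_for_terminal(text):
    """Render control characters as visible \\xNN text so the terminal
    displays them instead of interpreting them."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def scan(lines):
    """Return (line number, title, has_controls) for each title sequence found."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for title in find_title_sequences(line):
            findings.append((number, title, title_has_controls(title)))
    return findings


# Constructed sample input, not taken from a real log.
SAMPLE = [
    "GET /index.html 200",
    "GET /\x1b]0;demo title\x07 404",
    "user-agent: \x1b]2;a\x01b\x1b\\",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print("title sequence:", repr(finding))
    for line in SAMPLE:
        print(sanitize_for_terminal(line))
```

Sanitizing at the point of output protects any terminal the data is later viewed in, including ones that have not yet been updated.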

Fix

Improper Encoding or Escaping of Output


Weakness Enumeration

Related Identifiers

CVE-2022-46387

Affected Products

Cmder
Conemu