PT-2023-28881 · Croc · Croc

Matthias Gerstner · Published 2023-09-19 · Updated 2024-08-21

CVE-2023-43620 · CVSS v3.1 7.8 High · Vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Croc versions prior to 9.6.16

Description: Croc prints the file name supplied by the sender on the receiver's terminal without stripping or escaping control characters. A sender can therefore embed ANSI escape sequences (ESC-introduced sequences such as CSI and OSC) in a file name, and the receiver's terminal emulator interprets them instead of displaying them. At minimum this lets the sender control what the receiver sees on screen around the transfer; whatever is possible beyond that depends on which sequences the receiver's terminal emulator honours.

Recommendations: For Croc versions prior to 9.6.16, update to version 9.6.16 or later, which resolves the issue. Until the update is applied, accept transfers only from trusted senders, and do not rely on the file name croc prints: by the time it is visible, the terminal has already interpreted any escape sequences it contained. Where croc is wrapped by a script or service, strip or escape control characters from received file names before writing them to a terminal or log, and avoid receiving files in terminal sessions where a manipulated display would matter most, such as privileged or shared sessions.
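The escape-sequence injection described above, as an added example that is not croc's own code: `vulnerablePrompt` models a client that interpolates a sender-supplied file name straight into its terminal output, `stripTerminalEscapes` removes CSI, OSC and other ESC-introduced sequences plus the 8-bit CSI introducer before the name is shown, and `hasTerminalControls` is the check to run on a received name. All function names, the prompt wording and the sample file name are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Added example, not croc's own code: it shows the vulnerable pattern (a
// sender-controlled file name interpolated straight into terminal output) and
// a filter that strips terminal escape sequences before the name is displayed.

// vulnerablePrompt interpolates the raw name; any ESC/CSI/OSC sequence in it is
// interpreted by the receiver's terminal emulator rather than displayed.
func vulnerablePrompt(name string, size int64) string {
	return fmt.Sprintf("Accepting '%s' (%d B)? (y/n) ", name, size)
}

// safePrompt shows the same information, but only after the name has been
// stripped of anything a terminal would interpret.
func safePrompt(name string, size int64) string {
	return fmt.Sprintf("Accepting '%s' (%d B)? (y/n) ", stripTerminalEscapes(name), size)
}

// hasTerminalControls reports whether s contains a C0 control character, DEL,
// or a C1 control (U+0080..U+009F); these are the only ways an escape sequence
// can start, so a name without them is safe to print as-is.
func hasTerminalControls(s string) bool {
	for _, r := range s {
		if r < 0x20 || (r >= 0x7f && r <= 0x9f) {
			return true
		}
	}
	return false
}

// stripTerminalEscapes removes ESC-introduced sequences (CSI, OSC, DCS/SOS/PM/APC
// strings, charset designations and two-byte sequences) and the 8-bit CSI
// introducer U+009B, and replaces every other control character with '?'.
// Converting to runes also maps invalid UTF-8 bytes to U+FFFD, so a bare 0x9B
// byte in a non-UTF-8 name cannot reach the terminal either.
func stripTerminalEscapes(s string) string {
	var b strings.Builder
	rs := []rune(s)
	for i := 0; i < len(rs); i++ {
		r := rs[i]
		switch {
		case r == 0x1b || r == 0x9b:
			i = skipEscape(rs, i) // index of the last rune of the sequence
		case unicode.IsControl(r):
			b.WriteByte('?')
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// skipCSI consumes a CSI sequence whose introducer ('[' after ESC, or U+009B)
// is at rs[i]: parameter bytes 0x30-0x3F, intermediates 0x20-0x2F, one final
// byte 0x40-0x7E. A truncated or malformed sequence drops what was consumed.
func skipCSI(rs []rune, i int) int {
	n := len(rs)
	j := i + 1
	for j < n && rs[j] >= 0x30 && rs[j] <= 0x3f {
		j++
	}
	for j < n && rs[j] >= 0x20 && rs[j] <= 0x2f {
		j++
	}
	if j < n && rs[j] >= 0x40 && rs[j] <= 0x7e {
		return j
	}
	return j - 1
}

// skipEscape consumes the escape sequence starting at rs[i] (ESC or U+009B) and
// returns the index of its last rune.
func skipEscape(rs []rune, i int) int {
	n := len(rs)
	if rs[i] == 0x9b {
		return skipCSI(rs, i)
	}
	if i+1 >= n { // lone ESC at end of input
		return i
	}
	switch rs[i+1] {
	case '[':
		return skipCSI(rs, i+1)
	case ']', 'P', 'X', '^', '_':
		// String-type sequence: runs until BEL or ST (ESC followed by '\').
		for j := i + 2; j < n; j++ {
			if rs[j] == 0x07 {
				return j
			}
			if rs[j] == 0x1b && j+1 < n && rs[j+1] == '\\' {
				return j + 1
			}
		}
		return n - 1
	default:
		// Zero or more intermediates 0x20-0x2F, then one final byte 0x30-0x7E
		// (e.g. ESC ( B charset designation, or ESC c reset).
		j := i + 1
		for j < n && rs[j] >= 0x20 && rs[j] <= 0x2f {
			j++
		}
		if j < n && rs[j] >= 0x30 && rs[j] <= 0x7e {
			return j
		}
		return j - 1
	}
}

func main() {
	// Constructed malicious file name: clears the screen, homes the cursor,
	// then sets the terminal title via OSC 0.
	const evil = "\x1b[2J\x1b[Hinvoice.pdf\x1b]0;owned\x07"
	// Printed with %q so that the demo does not itself drive your terminal.
	fmt.Printf("raw:       %q\n", vulnerablePrompt(evil, 4096))
	fmt.Printf("sanitized: %q\n", safePrompt(evil, 4096))
	fmt.Println("needs sanitizing:", hasTerminalControls(evil))
}
```

The filter only addresses what is displayed; which name is written to disk is a separate concern. Where fidelity of the displayed name matters less, `strconv.Quote` is a parser-free alternative: it escapes every control character (ESC becomes `\x1b`, U+009B becomes `\u009b`) at the cost of showing the name in Go quoting.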

Weakness Enumeration

Improper Encoding or Escaping of Output (CWE-116)

Related Identifiers

CVE-2023-43620
GHSA-364C-VVQX-446C
GO-2023-2068

Affected Products

Croc