CVE-2024-23749

Name of the Vulnerable Software and Affected Versions: KiTTY versions 0.76.1.13 and before

Description: The issue is related to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls. This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution. The vulnerability occurs due to the lack of proper data cleaning at the management level.

Recommendations: For KiTTY versions 0.76.1.13 and before, consider disabling the use of the filename variable until a patch is available to prevent command injection attacks. Restrict access to the system calls at lines 2369-2390 to minimize the risk of exploitation. Avoid using special characters in the filename variable to reduce the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.