Lucene search

[email protected]CVE-2023-46300

HistoryOct 22, 2023 - 4:15 a.m.

CVE-2023-46300

2023-10-2204:15:09

CWE-116

[email protected]

web.nvd.nist.gov

iterm2

3.4.20

code execution

security vulnerability

cve-2023-46300

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.

Affected configurations

NVD

Node

iterm2iterm2Range<3.4.20

CPENameOperatorVersion
iterm2:iterm2iterm2lt3.4.20

CPE	Name	Operator	Version
iterm2:iterm2	iterm2	lt	3.4.20

References

blog.solidsnail.com/posts/2023-08-28-iterm2-rce

github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5

github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009

iterm2.com/news.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for CVE-2023-46300

prion1 osv1 cvelist1 nvd1