GitHub Advisory DatabaseGHSA-364C-VVQX-446CCroc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.8%
An issue was discovered in Croc before 9.6.16. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/schollz/croc/v9 | lt | 9.6.16 |
References
www.openwall.com/lists/oss-security/2023/09/21/5
github.com/advisories/GHSA-364c-vvqx-446c
github.com/schollz/croc/commit/3f12f75fae2e844c555ec01eeba0b8474938e93a
github.com/schollz/croc/issues/595
github.com/schollz/croc/pull/697
nvd.nist.gov/vuln/detail/CVE-2023-43620
www.openwall.com/lists/oss-security/2023/09/08/2
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.8%