Lucene search
Solid-snail583133AF-7AE6-4A21-BEEF-A4B0182CF82EHistoryJan 02, 2023 - 10:19 p.m.
ANSI Escape Sequence Injection
2023-01-0222:19:16
solid-snail
www.huntr.dev
7
escape sequences
injection
data concealment
code execution
hex dump
visual mode
disassembly
location search
bug bounty
linux
gnome terminal
0.001 Low
EPSS
Percentile
25.7%
Description
Injection of escape sequences opens up the possibility for concealing / modifying viewed data, and code execution (as some esc seqs feed data back to stdin).
Proof of Concept
So far, the places I managed to find a successful injection are:
- when running
idfrom the file name - func signature in hex dump in visual mode
- func signature in disassembly and comment in disassembly
- func signature in location search (
_in visual mode)
In the poc it is demonstrated by a change in color.
Environment
radare2 5.8.1 29949 @ linux-x86-64 git.5.8.0-65-g1100e12169
commit: 1100e12169dbdbe10081d4094129a5247738ecb1
tested in gnome-terminal
Related
cve
cve
CVE-2023-0302
2023-01-15 01:15:15
ubuntucve
ubuntucve
CVE-2023-0302
2023-01-15 00:00:00
osv
osv
CVE-2023-0302
2023-01-15 01:15:15
nvd
nvd
CVE-2023-0302
2023-01-15 01:15:15
veracode
veracode
Special Element Injection
2023-01-31 10:49:57
cvelist
cvelist
prion
prion
Design/Logic Flaw
2023-01-15 01:15:00
alpinelinux
alpinelinux
CVE-2023-0302
2023-01-15 01:15:15
cnvd
cnvd
radare2 injection vulnerability
2023-01-16 00:00:00
debiancve
debiancve
CVE-2023-0302
2023-01-15 01:15:15