Lucene search

GoogleOSV:CVE-2023-46300

HistoryOct 22, 2023 - 4:15 a.m.

CVE-2023-46300

2023-10-2204:15:09

Google

osv.dev

iterm2

vulnerability

code execution

escape sequences

tmux integration

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.9%

JSON

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.

CPENameOperatorVersion
iterm2eq3.0.5
iterm2eq20211019-nightly
iterm2eq3.0.14
iterm2eq20190527-nightly
iterm2eq20210404-nightly
iterm2eq3.3.3beta2
iterm2eq20190309-nightly
iterm2eq20230511-nightly
iterm2eq3.0.8
iterm2eq20201003-nightly

Name	Operator	Version
iterm2	eq	3.0.5
iterm2	eq	20211019-nightly
iterm2	eq	3.0.14
iterm2	eq	20190527-nightly
iterm2	eq	20210404-nightly
iterm2	eq	3.3.3beta2
iterm2	eq	20190309-nightly
iterm2	eq	20230511-nightly
iterm2	eq	3.0.8
iterm2	eq	20201003-nightly

Rows per page:

1-10 of 10751

References

blog.solidsnail.com/posts/2023-08-28-iterm2-rce

github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5

github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009

iterm2.com/news.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for OSV:CVE-2023-46300