Lucene search

GoogleOSV:CVE-2023-46301

HistoryOct 22, 2023 - 4:15 a.m.

CVE-2023-46301

2023-10-2204:15:09

Google

osv.dev

iterm2

remote code execution

vulnerability

escape sequences

upload

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.0%

JSON

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.

CPENameOperatorVersion
iterm2eq3.0.5
iterm2eq20211019-nightly
iterm2eq3.0.14
iterm2eq20190527-nightly
iterm2eq20210404-nightly
iterm2eq3.3.3beta2
iterm2eq20190309-nightly
iterm2eq20230511-nightly
iterm2eq3.0.8
iterm2eq20201003-nightly

Name	Operator	Version
iterm2	eq	3.0.5
iterm2	eq	20211019-nightly
iterm2	eq	3.0.14
iterm2	eq	20190527-nightly
iterm2	eq	20210404-nightly
iterm2	eq	3.3.3beta2
iterm2	eq	20190309-nightly
iterm2	eq	20230511-nightly
iterm2	eq	3.0.8
iterm2	eq	20201003-nightly

Rows per page:

1-10 of 10751

References

blog.solidsnail.com/posts/2023-08-28-iterm2-rce

github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b

github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009

iterm2.com/news.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.0%

JSON

Related for OSV:CVE-2023-46301