Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-JQ43-Q8MX-R7MQ
HistoryJul 14, 2023 - 9:58 p.m.

SwiftTerm Code Injection vulnerability

2023-07-1421:58:43
Google
osv.dev
4

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.8%

JSON

Impact

Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user’s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Credit

These bugs were found and disclosed by David Leadbeater <[email protected]> (@dgl at Github.com)

Patches

Fixed in version ce596e0dc8cdb288bc7ed5c6a59011ee3a8dc171

Workarounds

There are no workarounds available

References

Similar exploits to this existed in the past, for terminal emulators:

https://nvd.nist.gov/vuln/detail/CVE-2003-0063
https://nvd.nist.gov/vuln/detail/CVE-2008-2383

Additional background and information is also available:

https://marc.info/?l=bugtraq&m=104612710031920&w=2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030

Related

github 1
cve 4
prion 3
openvas 57
nessus 26
ubuntucve 3
fedora 5
debiancve 2
osv 3
redhat 3
centos 2
freebsd 1
debian 3
slackware 1
veracode 1
gentoo 1
oraclelinux 1
ubuntu 1
securityvulns 3
threatpost 1
github
github
SwiftTerm Code Injection vulnerability
2023-07-14 21:58:43
cve
cve
CVE-2008-2383
2009-01-02 18:11:00
CVE-2003-0063
2003-03-03 05:00:00
CVE-2022-23465
2022-12-02 23:15:00
prion
prion
Crlf injection
2009-01-02 18:11:00
Design/Logic Flaw
2022-12-02 23:15:00
Code injection
2017-01-23 21:59:00
openvas
openvas
Fedora Core 8 FEDORA-2009-0154 (xterm)
2009-01-07 00:00:00
FreeBSD Ports: xterm
2009-01-07 00:00:00
Fedora Core 10 FEDORA-2009-0091 (xterm)
2009-01-07 00:00:00
nessus
nessus
Fedora 8 : xterm-238-1.fc8 (2009-0154)
2009-01-16 00:00:00
Fedora 9 : xterm-238-1.fc9 (2009-0059)
2009-01-16 00:00:00
Fedora 38 : kitty (2023-a004ecb3f8)
2023-07-26 00:00:00
ubuntucve
ubuntucve
CVE-2008-2383
2009-01-02 00:00:00
CVE-2003-0063
2003-03-03 00:00:00
CVE-2015-8971
2017-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: xterm-238-1.fc10
2009-01-07 09:16:50
[SECURITY] Fedora 8 Update: xterm-238-1.fc8
2009-01-07 09:25:00
[SECURITY] Fedora 9 Update: xterm-238-1.fc9
2009-01-07 09:12:14
debiancve
debiancve
CVE-2008-2383
2009-01-02 18:11:00
CVE-2015-8971
2017-01-23 21:59:00
osv
osv
CVE-2022-23465
2022-12-02 23:15:16
xterm - remote code execution
2009-01-02 00:00:00
xfree86 - buffer overflows, denial of service
2003-09-12 00:00:00
redhat
redhat
(RHSA-2009:0018) Important: xterm security update
2009-01-07 00:00:00
(RHSA-2009:0019) Important: hanterm-xf security update
2009-01-07 00:00:00
(RHSA-2003:065) XFree86 security update
2003-06-25 00:00:00
centos
centos
hanterm security update
2009-02-02 23:25:09
xterm security update
2009-01-07 22:24:51
freebsd
freebsd
xterm -- DECRQSS remote command execution vulnerability
2008-12-28 00:00:00
debian
debian
[SECURITY] [DSA 1694-1] New xterm packages fix remote code execution
2009-01-02 19:07:44
[SECURITY] [DSA 1694-2] New xterm packages fix regression
2009-01-06 11:40:11
[SECURITY] [DSA-380-1] New xfree86 packages fix multiple vulnerabilities
2003-09-12 18:55:36
slackware
slackware
xterm
2009-03-10 10:26:52
veracode
veracode
CRLF Injection
2020-04-10 00:28:46
gentoo
gentoo
xterm: User-assisted arbitrary commands execution
2009-02-12 00:00:00
oraclelinux
oraclelinux
xterm security update
2009-01-07 00:00:00
ubuntu
ubuntu
xterm vulnerabilities
2009-01-06 00:00:00
securityvulns
securityvulns
[RHSA-2003:067-00] Updated XFree86 packages provide security and bug fixes
2003-06-25 00:00:00
Terminal Emulator Security Issues
2003-02-25 00:00:00
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.8%

JSON
Related for OSV:GHSA-JQ43-Q8MX-R7MQ
github1cve4prion3openvas57nessus26ubuntucve3fedora5debiancve2osv3redhat3centos2freebsd1debian3slackware1veracode1gentoo1oraclelinux1ubuntu1securityvulns3threatpost1