Lucene search

GoogleOSV:GO-2023-2068

HistoryAug 21, 2024 - 2:30 p.m.

Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device in github.com/schollz/croc

2024-08-2114:30:18

Google

osv.dev

croc sender

ansi escape

csi escape

filename

terminal device

github

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

JSON

Croc sender may place ANSI or CSI escape sequences in filename to attach receiver’s terminal device in github.com/schollz/croc

References

www.openwall.com/lists/oss-security/2023/09/21/5

github.com/advisories/GHSA-364c-vvqx-446c

github.com/schollz/croc/commit/3f12f75fae2e844c555ec01eeba0b8474938e93a

github.com/schollz/croc/issues/595

github.com/schollz/croc/pull/697

nvd.nist.gov/vuln/detail/CVE-2023-43620

www.openwall.com/lists/oss-security/2023/09/08/2

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

JSON

Related for OSV:GO-2023-2068