16 matches found
In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
...
CVE-2024-58251
CVE-2024-58251 affects BusyBox netstat up to version 1.37.0. Local attackers can cause a denial of service by running a network application with argv[0] containing an ANSI terminal escape sequence, which locks the victim’s terminal when netstat is used. The issue is rooted in how netstat handles ...
less: Denial of service
Background: less is a pager and text file viewer. Description: less suffered from a flaw in its terminal escape sequence handling which made its filtering incomplete. Impact: Malicious input could clear the terminal output or otherwise manipulate it with faked interactions. Workaround: There is no...
SUSE CVE-2012-2142
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator...
Boa Webserver 0.94.x Terminal Escape Sequence in Logs Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37718/info Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal...
CVE-2012-1095
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator...
CVE-2009-4487
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects nginx 0.7.64; other versions may also be affected. OpenVAS...
Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
Acme SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) script_oid("1.3.6.1.4.1.25623.1.0.100447");...
Varnish 2.0.6 - Terminal Escape Sequence in Logs Command Injection
Varnish 2.0.6 - Terminal Escape Sequence in Logs Command Injection source: https://www.securityfocus.com/bid/37713/info Varnish is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute...
BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection
BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection source: https://www.securityfocus.com/bid/37718/info Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to...
Nginx 0.7.64 - Terminal Escape Sequence in Logs Command Injection
source: https://www.securityfocus.com/bid/37711/info The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects nginx...
Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection
source: https://www.securityfocus.com/bid/37710/info Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. Versions prior to the following a...
Cherokee 0.99.30 - Terminal Escape Sequence in Logs Command Injection
source: https://www.securityfocus.com/bid/37715/info Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Cherokee 0.99.30 and prior are...
Hafiye 1.0 Terminal Escape Sequence Injection Vulnerability
Software: Hafiye 1.0, "POSIX-compliant, customizable TCP/IP packet sniffer." Tested versions: Hafiye 1.0. Tested on: Linux (Hafiye compiled from tarball), FreeBSD 4.7 (installed from CD). Vulnerability: Packet Payload Terminal Escape...
CVE-2003-0083
CVE-2003-0083 affects Apache 1.3.x (before 1.3.25) and Apache 2.0.x (before 2.0.46). The issue is that terminal escape sequences are not filtered from access logs, enabling insertion of escape sequences into terminal emulators vulnerable to such sequences. This is a separate vulnerability from CV...