Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-JQ43-Q8MX-R7MQ
HistoryJul 14, 2023 - 9:58 p.m.

SwiftTerm Code Injection vulnerability

2023-07-1421:58:43
Google
osv.dev
8
swiftterm
code injection
window modification
arbitrary commands
david leadbeater
github
security patch
terminal emulators
nvd
cve
bugtraq
debian

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.1%

JSON

Impact

Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user’s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Credit

These bugs were found and disclosed by David Leadbeater <[email protected]> (@dgl at Github.com)

Patches

Fixed in version ce596e0dc8cdb288bc7ed5c6a59011ee3a8dc171

Workarounds

There are no workarounds available

References

Similar exploits to this existed in the past, for terminal emulators:

https://nvd.nist.gov/vuln/detail/CVE-2003-0063
https://nvd.nist.gov/vuln/detail/CVE-2008-2383

Additional background and information is also available:

https://marc.info/?l=bugtraq&m=104612710031920&w=2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030

Related

github 1
openvas 57
fedora 5
nessus 26
debiancve 2
cve 4
nvd 4
prion 3
ubuntucve 3
cvelist 4
osv 3
debian 3
gentoo 1
oraclelinux 1
veracode 1
centos 2
redhat 3
freebsd 1
slackware 1
ubuntu 1
securityvulns 3
threatpost 1
github
github
SwiftTerm Code Injection vulnerability
2023-07-14 21:58:43
openvas
openvas
FreeBSD Ports: xterm
2009-01-07 00:00:00
Fedora Core 10 FEDORA-2009-0091 (xterm)
2009-01-07 00:00:00
Fedora Core 9 FEDORA-2009-0059 (xterm)
2009-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: xterm-238-1.fc8
2009-01-07 09:25:00
[SECURITY] Fedora 9 Update: xterm-238-1.fc9
2009-01-07 09:12:14
[SECURITY] Fedora 10 Update: xterm-238-1.fc10
2009-01-07 09:16:50
nessus
nessus
Fedora 37 : kitty (2023-3746647cc3)
2023-07-27 00:00:00
Fedora 9 : xterm-238-1.fc9 (2009-0059)
2009-01-16 00:00:00
Fedora 38 : kitty (2023-a004ecb3f8)
2023-07-26 00:00:00
debiancve
debiancve
CVE-2008-2383
2009-01-02 18:11:09
CVE-2015-8971
2017-01-23 21:59:00
cve
cve
CVE-2008-2383
2009-01-02 18:11:09
CVE-2022-23465
2022-12-02 23:15:16
CVE-2003-0063
2004-09-01 04:00:00
nvd
nvd
CVE-2008-2383
2009-01-02 18:11:09
CVE-2003-0063
2003-03-03 05:00:00
CVE-2022-23465
2022-12-02 23:15:16
prion
prion
Crlf injection
2009-01-02 18:11:00
Design/Logic Flaw
2022-12-02 23:15:00
Code injection
2017-01-23 21:59:00
ubuntucve
ubuntucve
CVE-2008-2383
2009-01-02 00:00:00
CVE-2003-0063
2003-03-03 00:00:00
CVE-2015-8971
2017-01-23 00:00:00
cvelist
cvelist
CVE-2008-2383
2009-01-02 00:00:00
CVE-2003-0063
2004-09-01 04:00:00
CVE-2022-23465 SwiftTerm vulnerable to arbitrary command execution
2022-12-02 22:53:45
osv
osv
CVE-2022-23465
2022-12-02 23:15:16
xterm - remote code execution
2009-01-02 00:00:00
xfree86 - buffer overflows, denial of service
2003-09-12 00:00:00
debian
debian
[SECURITY] [DSA 1694-2] New xterm packages fix regression
2009-01-06 11:40:11
[SECURITY] [DSA 1694-1] New xterm packages fix remote code execution
2009-01-02 19:07:44
[SECURITY] [DSA-380-1] New xfree86 packages fix multiple vulnerabilities
2003-09-12 18:55:36
gentoo
gentoo
xterm: User-assisted arbitrary commands execution
2009-02-12 00:00:00
oraclelinux
oraclelinux
xterm security update
2009-01-07 00:00:00
veracode
veracode
CRLF Injection
2020-04-10 00:28:46
centos
centos
hanterm security update
2009-02-02 23:25:09
xterm security update
2009-01-07 22:24:51
redhat
redhat
(RHSA-2009:0018) Important: xterm security update
2009-01-07 00:00:00
(RHSA-2009:0019) Important: hanterm-xf security update
2009-01-07 00:00:00
(RHSA-2003:065) XFree86 security update
2003-06-25 00:00:00
freebsd
freebsd
xterm -- DECRQSS remote command execution vulnerability
2008-12-28 00:00:00
slackware
slackware
xterm
2009-03-10 10:26:52
ubuntu
ubuntu
xterm vulnerabilities
2009-01-06 00:00:00
securityvulns
securityvulns
[RHSA-2003:067-00] Updated XFree86 packages provide security and bug fixes
2003-06-25 00:00:00
Terminal Emulator Security Issues
2003-02-25 00:00:00
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.1%

JSON
Related for OSV:GHSA-JQ43-Q8MX-R7MQ
github1openvas57fedora5nessus26debiancve2cve4nvd4prion3ubuntucve3cvelist4osv3debian3gentoo1oraclelinux1veracode1centos2redhat3freebsd1slackware1ubuntu1securityvulns3threatpost1