CVE-2023-39150

EUVD-2023-42891
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
maximus5conemu
𝑥
< 23.07.24
𝑥
= Vulnerable software versions
References
https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88
https://github.com/Maximus5/ConEmu/commit/60683a186628ffaa7689fcb64b3c38ced69287c1
https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88
https://github.com/Maximus5/ConEmu/commit/60683a186628ffaa7689fcb64b3c38ced69287c1