CVE-2023-39726

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-39726

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39726.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-39726

Published

2023-10-26T21:15:07.857Z

Modified

2026-03-14T12:08:39.373277Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

References

https://dgl.cx/2023/09/ansi-terminal-security#mintty-osc50

Affected packages

Git / github.com/mintty/mintty

Affected ranges

Type

GIT

Repo

https://github.com/mintty/mintty

Events

Introduced

Last affected

019c7d4bd1be56db815995cc27f794aef34bae84

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.4"
        }
    ]
}

Affected versions

2.*

2.0.1

2.0.2

2.0.3

2.1.1

2.1.3

2.1.4

2.1.5

2.2.1

2.2.2

2.2.3

2.2.4

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7release

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0

2.5.1

2.6.0

2.6.1

2.6.2

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.2.0

3.3.0

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.5.0

3.5.1

3.5.2

3.5.3

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39726.json"