CVE-2023-39726

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-39726

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39726.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-39726

Published

2023-10-26T21:15:07Z

Modified

2025-01-14T11:53:41.860136Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

References

https://dgl.cx/2023/09/ansi-terminal-security#mintty-osc50

Affected packages

Git / github.com/mintty/mintty

Affected ranges

Type: GIT
Repo: https://github.com/mintty/mintty
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

019c7d4bd1be56db815995cc27f794aef34bae84

Affected versions

2.*

2.0.1

2.0.2

2.0.3

2.1.1

2.1.3

2.1.4

2.1.5

2.2.1

2.2.2

2.2.3

2.2.4

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7release

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0

2.5.1

2.6.0

2.6.1

2.6.2

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.2.0

3.3.0

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.5.0

3.5.1

3.5.2

3.5.3

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4