Description
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.
References (2)
Core 2
Core References
Third Party Advisory
https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88
Scores
CVSS v3
9.8
EPSS
0.0020
EPSS Percentile
42.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
Status
published
Products (1)
maximus5/conemu
< 23.07.24
Published
Sep 12, 2023
Tracked Since
Feb 18, 2026