CVE-2023-39150

{"id": "CVE-2023-39150", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-12T13:15:07.897", "references": [{"url": "https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Maximus5/ConEmu/commit/60683a186628ffaa7689fcb64b3c38ced69287c1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Maximus5/ConEmu/commit/60683a186628ffaa7689fcb64b3c38ced69287c1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387."}, {"lang": "es", "value": "ConEmu antes del commit 230724 no sanitiza correctamente las respuestas de t\u00edtulo para los caracteres de control, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Esto est\u00e1 relacionado con una soluci\u00f3n incompleta para CVE-2022-46387."}], "lastModified": "2024-11-21T08:14:48.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maximus5:conemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB8E253-F071-4DEF-8E76-1B1D7DD8B4E0", "versionEndExcluding": "23.07.24"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}