ГлавнаяУязвимости → CVE-2024-38395
9.8критическая

CVE-2024-38395

Описание

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."

Затрагиваемое ПО
Iterm2 Iterm2
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.openwall.com/lists/oss-security/2024/06/17/1https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2https://iterm2.com/downloads.htmlhttps://www.openwall.com/lists/oss-security/2024/06/15/1http://www.openwall.com/lists/oss-security/2024/06/17/1https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2