CVE-2023-39150
CRITICALCVSS 9.8/10EPSS 0.81%
Last modified
CVE-2023-39150 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.. EPSS estimates a 0.81% chance of exploitation in the next 30 days.
Description
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Maximus5 | Conemu | < 23.07.24 |
References
- https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88Third Party Advisory
- https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-39150?
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.
How severe is CVE-2023-39150?
CVE-2023-39150 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.81% probability of exploitation in the next 30 days.
How do I fix CVE-2023-39150?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2023-39150?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST