Description

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."

INFO

Published Date :

2024-06-16T00:00:00.000Z

Last Modified :

2024-08-02T04:12:24.681Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-38395 vulnerability.

Vendors Products
Iterm2
  • Iterm2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38395.

URL Resource
http://www.openwall.com/lists/oss-security/2024/06/17/1 cve-icon cve-icon
https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219 cve-icon cve-icon
https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2 cve-icon cve-icon
https://iterm2.com/downloads.html cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2024/06/15/1 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact