Iterm2
CVE-2024-38396
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.
AnalysisAI
An issue was discovered in iTerm2 3.5.x before 3.5.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395. Affected products include: Iterm2. Version information: before 3.5.2..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences relate
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences relate
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execut
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. Rated high severity (CVSS
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.i
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution mi
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. Rated critical severity (CV
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. Rated critical severity
iTerm2 before 3.4.18 mishandles a DECRQSS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely e
Remote code execution in iTerm2 through version 3.6.9 allows local attackers to execute arbitrary code by displaying a s
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from termina
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today