CVE-2023-39150

critical

Description

ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.

References

https://github.com/Maximus5/ConEmu/commit/60683a186628ffaa7689fcb64b3c38ced69287c1

https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88

Details

Source: Mitre, NVD

Published: 2023-09-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00709