"[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs
(dgl.cx)
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 20 Oct 2023 19:20
https://inks.tedunangst.com/l/5047
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 20 Oct 2023 19:20
https://inks.tedunangst.com/l/5047
This paper reflects work done in late 2022 and 2023 to audit for vulnerabilities in terminal emulators, with a focus on open source software. The results of this work were 10 CVEs against terminal emulators that could result in Remote Code Execution (RCE), in addition various other bugs and hardening opportunities were found. The exact context and severity of these vulnerabilities varied, but some form of code execution was found to be possible on several common terminal emulators across the main client platforms of today.
threaded - newest