CVE-2003-0063Improper Neutralization of Escape, Meta, or Control Sequences in Project X11r6

CWE-150Improper Neutralization of Escape, Meta, or Control SequencesCWE-94Code Injection8 documents6 sources
Severity
7.3HIGHNVD
EPSS
1.3%
top 20.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xfree86 Project X11r6
Timeline
PublishedMar 3
Latest updateJul 14

Description

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages1 packages

NVDxfree86_project/x11r66 versions+5

🔴Vulnerability Details

3
GHSA
SwiftTerm Code Injection vulnerability2023-07-14
GHSA
GHSA-4f3f-7mf9-qrhc: The xterm terminal emulator in XFree86 42022-04-29
CVEList
CVE-2003-0063: The xterm terminal emulator in XFree86 42004-09-01

📋Vendor Advisories

2
Red Hat
xterm: arbitrary command injection2008-12-29
Red Hat
security flaw2003-02-24

💬Community

2
Bugzilla
CVE-2003-0063 security flaw2018-08-16
Bugzilla
CVE-2008-2383 xterm: arbitrary command injection2009-01-05
CVE-2003-0063 — Xfree86 Project X11r6 vulnerability | cvebase