CVE-2019-9535

Published: 09/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow a malicious user to execute arbitrary commands on the victim's computer by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. It could be exploited using command-line utilities that print attacker-controlled content.

Vulnerable Product

iterm2 iterm2

Recent Articles

iTerm2 issues emergency update after MOSS finds a fatal flaw in its terminal code
The Register • Thomas Claburn in San Francisco • 10 Oct 2019

It's time to update or call 0118 999 88199 9119 7253

The author of popular macOS open source terminal emulator iTerm2 has rushed out a new version (v3.3.6) because prior iterations have a security flaw that could allow an attacker to execute commands on a computer using the application. The vulnerability (CVE-2019-9535) was identified through the Mozilla Open Source Support Program (MOSS), which arranged to audit iTerm2 under its remit to review open source projects for security problems. A third-party security biz, Radically Open Security, perfor...