CRITICAL🇵🇱 Wersja polska

CVE-2024-38396

CVSS 9.8v3.1pub. 2024-06-16upd. 2025-06-20

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.

🤖 AI Analysis
How it works

The iTerm2 application does not properly filter escape sequences used for reporting the terminal window title. When the built-in tmux integration is active (enabled by default), a specially crafted escape sequence can be used to inject and execute arbitrary commands in the context of the user's terminal. The vulnerability is classified as CWE-94 (Improper Control of Code Generation), indicating lack of proper control over generated or interpreted code.

Impact

An attacker can execute arbitrary code in the victim's terminal without authentication, which may lead to complete takeover of the terminal session and potentially the entire user's operating system.

Mitigation & patch

Update iTerm2 to version 3.5.2 or newer. A patch is available on the official vendor website (iterm2.com/downloads.html). Until updating, consider disabling the built-in tmux integration.

Who is affected

iTerm2 versions 3.5.x prior to 3.5.2 with active tmux integration (enabled by default).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Iterm2

    APP
    Iterm2
    3.5.0 – 3.5.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-22275CRITICAL9.3PL ✓ten sam produkt

iTerm2: wyciek danych z poleceń terminalowych przez plik /tmp/framer.txt

CVE-2024-38395CRITICAL9.8PL ✓ten sam produkt

iTerm2: RCE przez niezastosowanie ustawienia tytułu okna terminala

CVE-2023-46321CRITICAL9.8ten sam produkt

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have ...

CVE-2023-46322CRITICAL9.8ten sam produkt

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's in...

CVE-2023-46300CRITICAL9.8ten sam produkt

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequen...