CVE-2023-43620
PUBLISHED
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.
Risk Scores
EPSS Score: 0.04% (11.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | schollz/croc/v9 | 0 |
| n/a | n/a | * |
| schollz | croc | 0 |
Timeline
- Sep 20, 2023 CVE Published
- Sep 21, 2023 CVE Updated
- Sep 22, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Nov 25, 2023 EPSS Score
- Dec 27, 2023 EPSS Score
- Jan 28, 2024 EPSS Score
- Feb 29, 2024 EPSS Score
- Apr 1, 2024 EPSS Score
- May 3, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Jul 6, 2024 EPSS Score
References
- https://github.com/schollz/croc/pull/697 (url)
- https://www.openwall.com/lists/oss-security/2023/09/08/2 (url)
- https://github.com/schollz/croc/issues/595 (url)
- [oss-security] 20230921 Re: croc: multiple issues in file sharing utility (mailing-list)
- https://nvd.nist.gov/vuln/detail/CVE-2023-43620 (advisory)
- https://github.com/schollz/croc/commit/3f12f75fae2e844c555ec01eeba0b8474938e93a (url)
- https://github.com/schollz/croc (package)