Improper Neutralization of Escape, Meta, or Control Sequences

CVE-2024-33899

High

7.1/10

Summary

RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

References

Advisory Timeline

Published Apr 29, 2024

Improper Neutralization of Escape, Meta, or Control Sequences

CVE-2024-33899

Summary

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS