oss-sec mailing list archives

Re: xterm terminal crash due to malicious character sequences in file name


From: Erik Auerswald <auerswal () unix-ag uni-kl de>
Date: Wed, 13 Aug 2025 22:38:57 +0200

Hi,

On Wed, Aug 13, 2025 at 07:00:58PM +0200, Vincent Lefevre wrote:
> The following makes the xterm terminal crash
>
>   touch "$(printf "file\e[H\e[c\n\b")"
>   gunzip file*
>
> due to malicious character sequences in the file name and a bug in
> xterm. Same issue with bunzip2 instead of gunzip.

I do not expect this to only happen with gunzip and bzip2.  Does this
happen with any program that prints the filename without any escaping,
e.g., "echo file*", and most programs that print the provided filename
when reporting any associated problem (i.e., all that do not escape or
suppress non-printable filename characters or bytes)?

[...]

Best regards,
Erik
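
The escaping that the message above refers to, sketched as an added example (not part of the thread or of any program named in it): a POSIX sh helper that makes every non-printable byte of a file name visible before the name is written to a terminal. The function name `escape_name` and the `\xHH` output form are assumptions chosen for this illustration.

```shell
#!/bin/sh
# Added example: print a file name with all bytes outside printable ASCII
# (and the backslash itself) shown as \xHH, so a terminal emulator never
# receives the raw control sequences embedded in the name.

escape_name() (
    # The function body is a subshell, so "out" and "b" stay local.
    out=''
    # od emits each byte as an unsigned decimal number, which avoids any
    # locale-dependent multibyte decoding of the name.
    for b in $(printf '%s' "$1" | od -An -v -tu1); do
        if [ "$b" -ge 32 ] && [ "$b" -le 126 ] && [ "$b" -ne 92 ]; then
            # Printable ASCII: turn the byte value back into its character.
            out=$out$(printf "\\$(printf '%03o' "$b")")
        else
            # Control bytes, DEL, bytes >= 0x80 and "\" become \xHH.
            out=$out$(printf '\\x%02x' "$b")
        fi
    done
    printf '%s\n' "$out"
)

# Constructed sample: the same bytes as the file name in the quoted report
# (\033 is ESC, written in octal because \e is not portable in printf).
name=$(printf 'file\033[H\033[c\n\b')

# Reporting the name through the helper instead of printing it raw.
printf 'cannot process: %s\n' "$(escape_name "$name")"
```

Bytes at or above 0x80 are escaped as well, so UTF-8 names become less readable; that trade-off also keeps 8-bit C1 control bytes away from the terminal.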

