Login Sign Up

CVE-2022-47583

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

CVE-2022-47583 is a terminal character injection vulnerability in Mintty terminal emulator that allows attackers to execute arbitrary code by sending specially crafted ANSI escape sequences. This affects users running vulnerable versions of Mintty on Windows systems, particularly when viewing untrusted content or connecting to untrusted servers.

💻 Affected Systems

Products:
  • Mintty
Versions: All versions before 3.6.3
Operating Systems: Windows, Cygwin, MSYS2
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affects Windows users of Cygwin/MSYS2 environments. Linux/macOS users are not affected as they typically use different terminal emulators.

📦 What is this software?

Mintty by Mintty Project

View all CVEs affecting Mintty →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with full system compromise, allowing attackers to install malware, steal data, or pivot to other systems.

🟠

Likely Case

Local privilege escalation or code execution when users view malicious files or connect to compromised servers via SSH/Telnet.

🟢

If Mitigated

Limited impact if proper network segmentation and least privilege principles are followed, though code execution remains possible.

🌐 Internet-Facing: MEDIUM - Requires user interaction or specific conditions, but can be triggered via web content or remote connections.
🏢 Internal Only: HIGH - Common in development environments and system administration where terminal access is frequent.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires tricking users into viewing malicious content or connecting to malicious servers. No authentication needed once user interacts with malicious input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.3

Vendor Advisory: https://github.com/mintty/mintty/releases/tag/3.6.3

Restart Required: Yes

Instructions:

1. Download Mintty 3.6.3 or later from GitHub releases. 2. Replace existing mintty.exe with new version. 3. Restart all Mintty terminal sessions.

🔧 Temporary Workarounds

Disable ANSI escape sequence processing

all

Prevents malicious sequences from being interpreted by disabling certain terminal features

set TERM=dumb
export TERM=dumb

Use alternative terminal

windows

Temporarily switch to Windows Terminal or other secure terminal emulator

🧯 If You Can't Patch

  • Restrict network access to only trusted servers and avoid viewing untrusted files in Mintty
  • Implement application whitelisting to prevent execution of unauthorized binaries from terminal

🔍 How to Verify

Check if Vulnerable:

Check Mintty version: mintty --version. If version is below 3.6.3, system is vulnerable.

Check Version:

mintty --version

Verify Fix Applied:

After updating, run mintty --version and confirm version is 3.6.3 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unusual terminal escape sequences in logs
  • Suspicious command execution from terminal sessions

Network Indicators:

  • Malformed ANSI sequences in network traffic to terminal services

SIEM Query:

Process creation from mintty.exe with unusual parent processes or command line arguments

📊 Metadata

CVE ID: CVE-2022-47583
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-74
Published: October 19, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-47583, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)