CVE-2023-46322 in iTerm2info

Summary

by MITRE • 10/25/2023

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 02/14/2026

The vulnerability identified as CVE-2023-46322 affects iTerm2 versions prior to 3.5.0beta12 and resides in the iTermSessionLauncher.m component responsible for handling SSH connections through URL schemes. This flaw represents a classic input validation issue that can lead to serious security implications when processing remote hostnames within SSH URL formats. The vulnerability specifically targets the sanitization of hostname data within SSH connection strings, creating potential attack vectors that could be exploited by malicious actors.

The technical flaw manifests in the improper handling of hostname characters within SSH URLs, where the system fails to adequately validate the initial character of hostnames and permits characters outside the expected alphanumeric range, hyphen, and period. This weakness allows attackers to craft specially formatted URLs that could bypass normal hostname validation checks. The vulnerability stems from insufficient input sanitization, which falls under CWE-20 - Improper Input Validation, a fundamental weakness that affects numerous security systems when they fail to properly validate user-supplied data. The issue is particularly concerning because SSH connections are inherently trusted and privileged operations, making any vulnerability in hostname handling potentially dangerous.

The operational impact of this vulnerability extends beyond simple data validation failures, as it could enable attackers to manipulate SSH connection behavior through crafted URLs. When users click on malicious SSH links, the improperly sanitized hostname data could potentially lead to unintended command execution, connection to wrong hosts, or other malicious outcomes. The vulnerability creates opportunities for phishing attacks where attackers could craft URLs that appear legitimate but connect to different hosts than intended. This type of vulnerability aligns with ATT&CK technique T1190 - Exploit Public-Facing Application, where attackers leverage input validation flaws to gain unauthorized access or manipulate system behavior.

Organizations using iTerm2 for SSH connections should immediately update to version 3.5.0beta12 or later to remediate this vulnerability. The fix implemented in the updated version ensures proper hostname sanitization by restricting characters to alphanumeric values, hyphens, and periods, thereby preventing the exploitation of this weakness. Security teams should also implement monitoring for suspicious SSH connection patterns and consider network-level controls to detect and block potentially malicious URL schemes. Additionally, user education regarding the dangers of clicking unknown SSH links remains crucial in mitigating the risk associated with this vulnerability. The remediation process should include comprehensive testing to ensure that the updated sanitization logic properly handles all edge cases while maintaining compatibility with legitimate SSH connection scenarios.

Reservation

10/22/2023

Disclosure

10/25/2023

Moderation

accepted

CPE

ready

EPSS

0.00656

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!