Message-ID: <20250813203857.GA11693@unix-ag.uni-kl.de>
Date: Wed, 13 Aug 2025 22:38:57 +0200
From: Erik Auerswald <auerswal@...x-ag.uni-kl.de>
To: oss-security@...ts.openwall.com
Subject: Re: xterm terminal crash due to malicious character
 sequences in file name

Hi,

On Wed, Aug 13, 2025 at 07:00:58PM +0200, Vincent Lefevre wrote:
> The following makes the xterm terminal crash
> 
>   touch "$(printf "file\e[H\e[c\n\b")"
>   gunzip file*
> 
> due to malicious character sequences in the file name and a bug in
> xterm. Same issue with bunzip2 instead of gunzip.

I do not expect this to only happen with gunzip and bzip2.  Does this
happen with any program that prints the filename without any escaping,
e.g., "echo file*", and most programs that print the provided filename
when reporting any associated problem (i.e., all that do not escape or
suppress non-printable filename characters or bytes)?

> [...]

Best regards,
Erik
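
Added example, not part of the original message and not code from gunzip, bunzip2 or xterm: one way a program can escape a file name before printing it in a diagnostic, applied to the file name from the quoted reproducer. The function name `escape_filename`, the octal escape format and the diagnostic wording are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy name[0..len) into out (capacity outsz) in a terminal-safe form.
 * Backslash becomes "\\". Every byte outside printable ASCII becomes a
 * three-digit octal escape such as "\033": C0 controls, DEL and all bytes
 * >= 0x80. Escaping the high bytes is a conservative choice: it also
 * covers 8-bit C1 controls (e.g. 0x9b), at the cost of escaping UTF-8.
 * Returns the escaped length, or -1 if out is too small. */
static int escape_filename(const unsigned char *name, size_t len,
                           char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = name[i];
        /* bytes needed for this input byte, not counting the final NUL */
        size_t need = (c == '\\') ? 2 : (c >= 0x20 && c < 0x7f) ? 1 : 4;
        if (need >= outsz - o)
            return -1;
        if (need == 1) {
            out[o++] = (char)c;
        } else if (need == 2) {
            out[o++] = '\\';
            out[o++] = '\\';
        } else {
            out[o++] = '\\';
            out[o++] = (char)('0' + ((c >> 6) & 7));
            out[o++] = (char)('0' + ((c >> 3) & 7));
            out[o++] = (char)('0' + (c & 7));
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* The file name created by the touch command in the quoted message. */
    const char *name = "file\033[H\033[c\n\b";
    char safe[256];
    if (escape_filename((const unsigned char *)name, strlen(name),
                        safe, sizeof safe) < 0)
        return 1;
    /* Hypothetical diagnostic; not the wording of gunzip or bunzip2. */
    fprintf(stderr, "example: %s: cannot process file\n", safe);
    return 0;
}
```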
