Mintty
by Mintty
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-39726 | Cri | 0.64 | 9.8 | 0.01 | Oct 26, 2023 | An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal. | ||
| CVE-2022-47583 | Cri | 0.64 | 9.8 | 0.01 | Oct 19, 2023 | Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | ||
| CVE-2025-1052 | Hig | 0.57 | 8.8 | 0.01 | Feb 11, 2025 | Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must… | ||
| CVE-2021-31701 | Hig | 0.49 | 7.5 | 0.01 | Jun 6, 2021 | Mintty before 3.4.7 mishandles Bracketed Paste Mode. | ||
| CVE-2024-45301 | Med | 0.27 | 5.3 | 0.00 | Nov 12, 2025 | Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network… | ||
| CVE-2021-28848 | Hig | 0.00 | 7.5 | 0.02 | Jun 3, 2021 | Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or… |
- risk 0.64cvss 9.8epss 0.01
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.
- risk 0.64cvss 9.8epss 0.01
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.
- risk 0.57cvss 8.8epss 0.01
Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must…
- risk 0.49cvss 7.5epss 0.01
Mintty before 3.4.7 mishandles Bracketed Paste Mode.
- risk 0.27cvss 5.3epss 0.00
Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network…
- risk 0.00cvss 7.5epss 0.02
Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or…