VYPR

Mintty

by Mintty

Source repositories

CVEs (6)

  • CVE-2023-39726CriOct 26, 2023
    risk 0.64cvss 9.8epss 0.01

    An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

  • CVE-2022-47583CriOct 19, 2023
    risk 0.64cvss 9.8epss 0.01

    Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

  • CVE-2025-1052HigFeb 11, 2025
    risk 0.57cvss 8.8epss 0.01

    Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must…

  • CVE-2021-31701HigJun 6, 2021
    risk 0.49cvss 7.5epss 0.01

    Mintty before 3.4.7 mishandles Bracketed Paste Mode.

  • CVE-2024-45301MedNov 12, 2025
    risk 0.27cvss 5.3epss 0.00

    Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network…

  • CVE-2021-28848HigJun 3, 2021
    risk 0.00cvss 7.5epss 0.02

    Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or…