CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
Incomplete
2006-07-19
00h00 +00:00
00h00 +00:00
2026-04-30
00h00 +00:00
00h00 +00:00
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Improper Neutralization of Escape, Meta, or Control Sequences
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
Informacje ogólne
Sposoby wprowadzenia
Build and Compilation : During LLM training, escape sequences may be assigned within token entry values.Implementation : Interactive command line interfaces have become more commonplace with growing system administration needs and human-friendly TUIs (text-based user interfaces); logging user-generated values into the terminal into one of these sessions is no longer safe.
Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Odpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Technologie
Name: AI/ML (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Integrity | Execute Unauthorized Code or Commands, Hide Activities, Unexpected State Note: ANSI escape codes can be used for low-severity attacks such as changing the color of console output, but they can also be used to arbitrarily move the cursor, clear the screen, and make fake prompts inside the interactive CLI via malicious user input. In some contexts - depending on the functionality of the terminal in use - ANSI escape codes can be used to execute arbitrary code. |
Zaobserwowane przykłady
| Odniesienia | Opis |
|---|---|
CVE-2024-27936 | Chain: JavaScript-based application removes ANSI escape sequences in a dialog that asks permission for a particular file, causing the wrong filename to be visually presented for user approval (CWE-451), but the filename still contains the ANSI escape sequences (CWE-150), potentially causing the user to grant access to the wrong file. |
CVE-2002-0542 | The mail program processes special "~" escape sequence even when not in interactive mode. |
CVE-2000-0703 | Setuid program does not filter escape sequences before calling mail program. |
CVE-2002-0986 | Mail function does not filter control characters from arguments, allowing mail message content to be modified. |
CVE-2003-0020 | Multi-channel issue. Terminal escape sequences not filtered from log files. |
CVE-2003-0083 | Multi-channel issue. Terminal escape sequences not filtered from log files. |
CVE-2003-0021 | Terminal escape sequences not filtered by terminals when displaying files. |
CVE-2003-0022 | Terminal escape sequences not filtered by terminals when displaying files. |
CVE-2003-0023 | Terminal escape sequences not filtered by terminals when displaying files. |
CVE-2003-0063 | Terminal escape sequences not filtered by terminals when displaying files. |
CVE-2000-0476 | Terminal escape sequences not filtered by terminals when displaying files. |
CVE-2001-1556 | MFV. (multi-channel). Injection of control characters into log files that allow information hiding when using raw Unix programs to read the files. |
Potencjalne środki zaradcze
Developers should anticipate that escape, meta and control characters/sequences will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.Phases : Implementation
Phases : Implementation
While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).
Phases : Implementation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Phases : Implementation
When using output from an LLM, neutralize or strip escape codes before redirecting output to the terminal or other rendering engine that would process the codes. The neutralization could require that the character be printable and/or allowable whitespace, such as a carriage return or newline. Be deliberate about what to allow.
Phases : Build and Compilation
When using an LLM: during tokenizer training, suppress escape codes from the tokenizer's vocabulary. Depending on context, this could be accomplished by removing the codes from input to the tokenizer, or removing the map from the string to its token ID. It is generally unlikely that this removal would adversely affect the quality or correctness of what is generated, e.g. advice requests for terminal settings to change colors.
Metody wykrywania
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)Skuteczność : High
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Powiązane wzorce ataków
| CAPEC-ID | Nazwa wzorca ataku |
|---|---|
| CAPEC-134 | Email Injection
An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol. |
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads
This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become increasingly sophisticated and feature-rich. In addition, email applications are ubiquitous and connected directly to the Web making them ideal targets to launch and propagate attacks. As the user demand for new functionality in email applications grows, they become more like browsers with complex rendering and plug in routines. As more email functionality is included and abstracted from the user, this creates opportunities for attackers. Virtually all email applications do not list email header information by default, however the email header contains valuable attacker vectors for the attacker to exploit particularly if the behavior of the email client application is known. Meta-characters are hidden from the user, but can contain scripts, enumerations, probes, and other attacks against the user's system. |
| CAPEC-81 | Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application. |
| CAPEC-93 | Log Injection-Tampering-Forging
This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability. |
Notatki
As of CWE 4.20: while exploitation and research interest in ANSI escape codes (and other terminal sequences) was popular in the early 2000's [REF-1527] - and known as an attack vector going back to at least 1994 [REF-1532] - there has been renewed interest in this type of injection as new attack vectors have arrived (e.g., from LLM output, or CLIs that were not based on OS sessions).Odniesienia
REF-1532
flash.chttps://phrack.org/issues/46/4
REF-1527
Terminal Emulator Security IssuesH D Moore.
https://marc.info/?l=bugtraq&m=104612710031920&w=2
REF-1526
\e[31m"?! ANSI Terminal security in 2023 and finding 10 CVEsDavid Leadbeater.
https://dgl.cx/2023/09/ansi-terminal-security
REF-1529
Weaponizing Plain Text ANSI Escape Sequences as a Forensic NightmareSTÖK.
https://www.youtube.com/watch?v=3T2Al3jdY38
REF-1530
Weaponizing Plain Text ANSI Escape Sequences as a Forensic NightmareSTÖK.
https://i.blackhat.com/BH-US-23/Presentations/US-23-stok-weponizing-plain-text-ansi-escape-sequences-as-a-forensic-nightmare-appendix.pdf
REF-1531
LLM output can take over your computerLeon Derczynski.
https://interhumanagreement.substack.com/p/llm-output-can-take-over-your-computer
REF-1533
Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injectionwunderwuzzi.
https://embracethered.com/blog/posts/2024/terminal-dillmas-prompt-injection-ansi-sequences/
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| Eric Dalci | Cigital | updated Potential_Mitigations, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Description, Name | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Common_Consequences, Observed_Examples, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Modes_of_Introduction, Relationships | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Potential_Mitigations, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Description, Potential_Mitigations | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Detection_Factors, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References, Research_Gaps, Time_of_Introduction |
