CNNVD-202511-1394 Information
Nov 12, 2025
cve
CNNVD ID
CNNVD-202511-1394
Related CVE
- CNNVD Published: 2025-11-12
Description (Chinese)
mintty是mintty开源的应用软件Cygwin终端仿真器,也可用于MSYS 和Msys2。 mintty 2.3.6版本至3.7.4版本存在输入验证错误漏洞,该漏洞源于转义序列处理不当,可能导致NTLM哈希泄露。
Description (English)
Minty is a Cygwin terminal simulator for the intty open source, which can also be used for MSYS and Msys2. There is an input authentication error loophole in versions 2.3.6 to 3.7.4 which stems from the mishandling of the transposition sequence, which could lead to the disclosure of NTLM Hashi.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
mintty
Published
2025-11-12
Last Modified
2026-02-24
References
https://github.com/mintty/mintty/security/advisories/GHSA-jf4m-m6rv-p6c5 https://access.redhat.com/security/cve/cve-2024-45301
Patch
https://github.com/mintty/mintty/releases
Share on: