Home > Vulnerability Database > CVE-2024-45301

Mend.io Vulnerability Database

CVE-2024-45301

Good to know:

Date: November 12, 2025

Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an ntlm hash out of the victim's machine to an attacker controlled remote host. An attacker can use password cracking tools or NetNTLMv2 hashes to Pass the Hash. Version 3.7.5 fixes the issue.

Severity Score

5.3

Related Resources (3)

Url: https://github.com/mintty/mintty/security/advisories/GHSA-jf4m-m6rv-p6c5

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45301

Url: https://www.mend.io/vulnerability-database/CVE-2024-45301

Severity Score

5.3

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version https://github.com/mintty/mintty.git - 3.7.5

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45301

Good to know:

Date: November 12, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?