CVE-2024-25003: 
NixOS vulnerability analysis and mitigation

KiTTY versions 0.76.1.13 and before contain a stack-based buffer overflow vulnerability (CVE-2024-25003) that affects the hostname parameter. The vulnerability was introduced in the original release in May 2021 (commit 4f79b1e) and exists due to insufficient bounds checking and input sanitization. This vulnerability affects all versions up to KiTTY ≤ 0.76.1.13 in their default configuration and is present across all Microsoft Windows operating systems 11/10/8/7/XP (DEFCESCO Blog).

The vulnerability exists in the kitty.c file, specifically in the handling of the ANSI escape sequence '\033]0;__dt'. When KiTTY processes this sequence, it interprets it as an instruction to create a duplicate terminal session. The vulnerable code is located at lines 2597-2602, where insufficient bounds checking and input sanitization in the hostname parameter can lead to a stack-based buffer overflow. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows an attacker to overwrite adjacent memory, which can lead to arbitrary code execution in the context of the user running the application. Since KiTTY operates by default in the user permission group of Standard Users, successful exploitation could give attackers control over the affected system (DEFCESCO Blog).