PT-2022-26031 · Unknown+2 · Rxvt-Unicode+2

David Leadbeater

Published

2022-10-10

Updated

2024-06-15

CVE-2022-4170

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions rxvt-unicode versions 9.25 through 9.26

Description The issue allows for remote code execution in the Perl background extension of the rxvt-unicode package. This occurs when an attacker can control the data written to the user's terminal and certain options are set.

Recommendations For rxvt-unicode versions 9.25 and 9.26, consider disabling the Perl background extension as a temporary workaround until a patch is available. Restrict access to the terminal to minimize the risk of exploitation. Avoid using options that allow an attacker to control the data written to the user's terminal in the affected versions.

Fix

RCE

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

ALT-PU-2022-2749

CVE-2022-4170

MGASA-2022-0459

OPENSUSE-SU-2023:0306-1

OPENSUSE-SU-2024:13323-1

Affected Products

Alt Linux

Debian

Rxvt-Unicode

PT-2022-26031 · Unknown+2 · Rxvt-Unicode+2

CVE-2022-4170

Weakness Enumeration

Related Identifiers

Affected Products

References · 20