CVE-2020-35605
First published: Mon Dec 21 2020(Updated: )
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/kitty | 0.13.3-1+deb10u1 0.19.3-1 0.26.5-5 | |
| Kitty | <0.19.3 | |
| Debian Linux | =10.0 | |
| Kovidgoyal Kitty | <0.19.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-35605?
CVE-2020-35605 is considered to have a high severity due to the potential for remote code execution.
How do I fix CVE-2020-35605?
To fix CVE-2020-35605, upgrade to kitty version 0.19.3 or later.
What software is affected by CVE-2020-35605?
CVE-2020-35605 affects kitty versions prior to 0.19.3, particularly in Debian distributions.
Can CVE-2020-35605 be exploited remotely?
Yes, CVE-2020-35605 can be exploited remotely through specially crafted filenames in error messages.
What are the potential consequences of CVE-2020-35605?
The exploitation of CVE-2020-35605 can lead to arbitrary code execution, compromising the affected system.
- collector/security-tracker-debian
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- package-manager/debian
- vendor/kitty project
- canonical/kitty
- vendor/debian
- canonical/debian linux
- version/debian linux/10.0
- vendor/kovidgoyal
- canonical/kovidgoyal kitty