CVE-2022-41322
First published: Fri Sep 23 2022(Updated: )
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kitty | <0.26.2 | |
| Red Hat Fedora | =36 | |
| Red Hat Fedora | =37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.gentoo.org/868543
- https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
- https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX/
- https://security.gentoo.org/glsa/202209-22
- https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/
Frequently Asked Questions
What is the severity of CVE-2022-41322?
CVE-2022-41322 has a critical severity level due to its potential for arbitrary code execution.
How do I fix CVE-2022-41322?
To fix CVE-2022-41322, upgrade Kitty to version 0.26.2 or later.
Can CVE-2022-41322 be exploited remotely?
CVE-2022-41322 requires user interaction to exploit, making it a client-side vulnerability.
What versions of Kitty are affected by CVE-2022-41322?
CVE-2022-41322 affects all versions of Kitty prior to 0.26.2.
Is this vulnerability present in Fedora distributions?
Yes, CVE-2022-41322 affects Fedora 36 and 37 when using vulnerable versions of Kitty.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/kitty project
- canonical/kitty
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/36
- version/red hat fedora/37