CVE-2022-41322
First published: Fri Sep 23 2022(Updated: )
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kitty Project Kitty | <0.26.2 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.gentoo.org/868543
- https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
- https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX/
- https://security.gentoo.org/glsa/202209-22
- https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
- collector/nvd-index
- vendor/kitty project
- canonical/kitty project kitty
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37