First published: Wed Dec 07 2022
The rxvt-unicode package is vulnerable to remote code execution in the Perl background extension when an attacker can control the data written to the user's terminal and certain options are set.
Credit: patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rxvt-unicode Project Rxvt-unicode | =9.25 | |
Rxvt-unicode Project Rxvt-unicode | =9.26 | |
Fedoraproject Extra Packages For Enterprise Linux | =8.0 | |
Fedoraproject Fedora | =37 | |
redhat/rxvt-unicode | <9.30 | 9.30 |
CVE-2022-4170 is a vulnerability in the rxvt-unicode package that allows remote code execution when an attacker can control the data written to the user's terminal and certain options are set.
CVE-2022-4170 has a severity rating of 9.8 (Critical).
The affected versions include rxvt-unicode 9.25 and 9.26, Extra Packages for Enterprise Linux 8.0, and Fedora 37.
To fix CVE-2022-4170, it is recommended to upgrade to rxvt-unicode version 9.30 or higher.
Additional information can be found at the following references: [link1](https://bugzilla.redhat.com/show_bug.cgi?id=2151597), [link2](https://www.openwall.com/lists/oss-security/2022/12/05/1), [link3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2151598).