Vulnerability Details CVE-2022-41138
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://bugs.gentoo.org/868495
- https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38
- https://github.com/tomszilagyi/zutty/compare/0.12...0.13
- https://security.gentoo.org/glsa/202209-25
- https://bugs.gentoo.org/868495
- https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38
- https://github.com/tomszilagyi/zutty/compare/0.12...0.13
- https://security.gentoo.org/glsa/202209-25
Products affected by CVE-2022-41138
-
cpe:2.3:a:zutty_project:zutty:-
-
cpe:2.3:a:zutty_project:zutty:0.1
-
cpe:2.3:a:zutty_project:zutty:0.10
-
cpe:2.3:a:zutty_project:zutty:0.11
-
cpe:2.3:a:zutty_project:zutty:0.12
-
cpe:2.3:a:zutty_project:zutty:0.2
-
cpe:2.3:a:zutty_project:zutty:0.3
-
cpe:2.3:a:zutty_project:zutty:0.4
-
cpe:2.3:a:zutty_project:zutty:0.5
-
cpe:2.3:a:zutty_project:zutty:0.6
-
cpe:2.3:a:zutty_project:zutty:0.7
-
cpe:2.3:a:zutty_project:zutty:0.8
-
cpe:2.3:a:zutty_project:zutty:0.9