Vulnerability Details CVE-2022-4170
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2151597
- https://security.gentoo.org/glsa/202310-20
- https://www.openwall.com/lists/oss-security/2022/12/05/1
- https://bugzilla.redhat.com/show_bug.cgi?id=2151597
- https://security.gentoo.org/glsa/202310-20
- https://www.openwall.com/lists/oss-security/2022/12/05/1
Products affected by CVE-2022-4170
-
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0
-
cpe:2.3:a:rxvt-unicode_project:rxvt-unicode:9.25
-
cpe:2.3:a:rxvt-unicode_project:rxvt-unicode:9.26
-
cpe:2.3:o:fedoraproject:fedora:37