Vulnerability Details CVE-2022-4170
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.9%
CVSS Severity
CVSS v3 Score 9.8
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2151597
- https://security.gentoo.org/glsa/202310-20
- https://www.openwall.com/lists/oss-security/2022/12/05/1
- https://bugzilla.redhat.com/show_bug.cgi?id=2151597
- https://security.gentoo.org/glsa/202310-20
- https://www.openwall.com/lists/oss-security/2022/12/05/1
Products affected by CVE-2022-4170
-
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0
-
cpe:2.3:a:rxvt-unicode_project:rxvt-unicode:9.25
-
cpe:2.3:a:rxvt-unicode_project:rxvt-unicode:9.26
-
cpe:2.3:o:fedoraproject:fedora:37