Rxvt-Unicode Project: Security Vulnerabilities
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
CVSS Score
9.8
EPSS Score
0.018
Published
2022-12-09
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.
CVSS Score
8.8
EPSS Score
0.011
Published
2021-05-20