CVE-2022-45063: xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead

Description

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

Affected Products

Vendor	Product	Versions
invisible-island	xterm	n/a

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
fedoraproject	fedora	cve_cpe	95%

References

Related News (2 articles)

Tier C

oss-security3h ago

Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals

→ No new info (linked only)

Tier C

oss-security19h ago

systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals

→ No new info (linked only)

CVSS 3.19.8 NONE

EPSS0.22(Top 4%)

CISA KEV❌ No

Actively exploited❌ No

Patch available

375

PublishedNov 10, 2022

Last enriched18h ago

Trending Score42

Source articles2

Independent1

Info Completeness10/14

Missing: kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

CVE-2022-45063: xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead

Description

Affected Products

Also Affects

References

Related News (2 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline