CVE-2022-4170

2022-12-0918:15:20

CWE-74

[email protected]

web.nvd.nist.gov

cve-2022-4170

rxvt-unicode

remote code execution

perl

nvd

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user’s terminal and certain options are set.

Affected configurations

NVD

Node

rxvt-unicode_projectrxvt-unicodeMatch9.25

rxvt-unicode_projectrxvt-unicodeMatch9.26

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch8.0

fedoraprojectfedoraMatch37

CPENameOperatorVersion
rxvt-unicode_project:rxvt-unicoderxvt-unicode project rxvt-unicodeeq9.25
rxvt-unicode_project:rxvt-unicoderxvt-unicode project rxvt-unicodeeq9.26

CPE	Name	Operator	Version
rxvt-unicode_project:rxvt-unicode	rxvt-unicode project rxvt-unicode	eq	9.25
rxvt-unicode_project:rxvt-unicode	rxvt-unicode project rxvt-unicode	eq	9.26

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "rxvt-unicode",
    "versions": [
      {
        "version": "rxvt-unicode 9.30",
        "status": "affected"
      }
    ]
  }
]