Remote Code Execution Vulnerability in rxvt-unicode
CVE-2022-4170

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 9 December 2022

What is CVE-2022-4170?

The rxvt-unicode terminal emulator is susceptible to a security vulnerability that allows remote code execution due to improper handling of terminal data from untrusted sources. Attackers can exploit this weakness by controlling what information is written to the user's terminal, particularly when specific options are configured. This could lead to unauthorized actions being performed on the user's system, making timely mitigation essential.

Affected Version(s)

rxvt-unicode rxvt-unicode 9.30

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
