CVE-2022-45063

Published: 10/11/2022 | Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

xterm prior to 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

Vulnerable Product

invisible-island xterm

fedoraproject fedora 35

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Description

The MITRE CVE dictionary describes this issue as: xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions ...