CVE-2022-41138

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:zutty_project:zutty:*:*:*:*:*:*:*:*

History

29 Sep 2022, 17:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202209-25 -

22 Sep 2022, 15:14

Type Values Removed Values Added
First Time Zutty Project
Zutty Project zutty
CPE cpe:2.3:a:zutty_project:zutty:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://bugs.gentoo.org/868495 - (MISC) https://bugs.gentoo.org/868495 - Exploit, Issue Tracking, Patch, Third Party Advisory
References (MISC) https://github.com/tomszilagyi/zutty/compare/0.12...0.13 - (MISC) https://github.com/tomszilagyi/zutty/compare/0.12...0.13 - Patch, Release Notes, Third Party Advisory
References (MISC) https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 - (MISC) https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 - Patch, Third Party Advisory
CWE NVD-CWE-noinfo

20 Sep 2022, 18:16

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-20 18:15

Updated : 2022-09-29 17:15


NVD link : CVE-2022-41138

Mitre link : CVE-2022-41138


JSON object : View

Products Affected

zutty_project

  • zutty