CVE-2022-41322

Name
CVE-2022-41322
Description
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2
MISC https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
MISC https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
MISC https://bugs.gentoo.org/868543
GENTOO https://security.gentoo.org/glsa/202209-22
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:kovidgoyal:kitty:*:*:*:*:*:*:*:* kitty >= None < 0.26.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
kitty 3.16-community 0.25.0-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable