CVE-2022-41322

CVE-2022-41322

Name

CVE-2022-41322

Description

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2
MISC	https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
MISC	https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
MISC	https://bugs.gentoo.org/868543
GENTOO	https://security.gentoo.org/glsa/202209-22
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/

Type

URI

MISC

https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2

MISC

https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f

MISC

https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes

MISC

https://bugs.gentoo.org/868543

GENTOO

https://security.gentoo.org/glsa/202209-22