
kitty: Arbitrary Code Execution (CVE-2022-41322)

Open · CamberLoid opened this issue 2 years ago · 0 comments

CVE IDs

CVE-2022-41322

Other security advisory IDs

  • Gentoo: https://security.gentoo.org/glsa/202209-22
  • Ubuntu: https://ubuntu.com/security/notices/USN-5659-1
  • Debian: https://security-tracker.debian.org/tracker/CVE-2022-41322

Description

Carter Sande discovered that kitty incorrectly handled escape sequences in desktop notifications. A remote attacker could possibly use this to execute arbitrary commands. kitty versions earlier than 0.26.2 are vulnerable; upgrading to 0.26.2 or 0.26.3 fixes the problem.

The problem is fixed upstream in commit https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
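An added illustration, not kitty's own fix and not code from this issue: one defensive check a terminal or notification bridge can apply before forwarding text to a desktop notification daemon, removing whole escape sequences first and any stray control characters afterwards. The sequence shapes assumed are generic ECMA-48 ones (CSI, OSC, two-byte ESC), not kitty's parser; the sample strings are constructed.

```python
import re

# Assumed ECMA-48 shapes, matched in this order at each position:
#  - CSI: ESC [ parameter bytes 0x30-0x3F, intermediates 0x20-0x2F, final 0x40-0x7E
#  - OSC: ESC ] ... terminated by BEL (0x07) or ST (ESC \)
#  - any other two-byte escape (ESC + one printable byte), also the fallback
#    that eats a dangling "ESC [" or "ESC ]" when the longer forms fail to match
_ESC_SEQ = re.compile(
    r"\x1b\[[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
    r"|\x1b[\x20-\x7e]"
)
# C0 controls, DEL and C1 controls: none of them belong in notification text.
_CONTROLS = re.compile(r"[\x00-\x1f\x7f\x80-\x9f]")


def sanitize_notification_text(text: str) -> str:
    """Return text that is safe to hand to a notification daemon.

    Escape sequences are removed as units so their parameter bytes do not
    survive as ordinary printable text; leftover control bytes (a bare BEL,
    a TAB, an ESC whose sequence was malformed) are then dropped.
    """
    text = _ESC_SEQ.sub("", text)
    return _CONTROLS.sub("", text)


def has_terminal_controls(text: str) -> bool:
    """Detection helper: True when the text would be altered by sanitizing,
    i.e. when it carries something a terminal-aware consumer might interpret."""
    return sanitize_notification_text(text) != text


if __name__ == "__main__":
    # Constructed sample: colour codes, an embedded OSC and a trailing BEL.
    sample = "Build finished \x1b[32mOK\x1b[0m\x1b]0;title\x07\x07"
    print(repr(sample), "->", repr(sanitize_notification_text(sample)))
```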

Patches

N/A

PoC(s)

https://bugs.gentoo.org/attachment.cgi?id=803263

CamberLoid · Oct 09 '22 13:10