CVE-2022-27817

MEDIUM

Waycrate Swhkd - Exposure to Wrong Actor

Title source: rule

Description

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality.

References (2)

[Release Notes, Third Party Advisory] https://github.com/waycrate/swhkd/releases

[Exploit, Mailing List, Third Party Advisory] https://www.openwall.com/lists/oss-security/2022/04/14/1

Scores

CVSS v3 4.4

EPSS 0.0007

EPSS Percentile 20.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Classification

CWE

CWE-668

Status published

Affected Products (2)

waycrate/swhkd

crates.io/Simple-Wayland-HotKey-Daemon crates.io

Timeline

Published Apr 14, 2022

Tracked Since Feb 18, 2026