CVE-2022-4170
CRITICAL
rxvt-unicode - Remote Code Execution in Perl Background Extension
Title source: llm
Description
The rxvt-unicode package is vulnerable to remote code execution in the Perl background extension when an attacker can control the data written to the user's terminal and certain options are set.
References (3)
Core References
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2151597
Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/12/05/1
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202310-20
Scores
CVSS v3
9.8
EPSS
0.0336
EPSS Percentile
87.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-74
Status
published
Products (4)
fedoraproject/extra_packages_for_enterprise_linux
8.0
fedoraproject/fedora
37
rxvt-unicode_project/rxvt-unicode
9.25
rxvt-unicode_project/rxvt-unicode
9.26
Published
Dec 09, 2022
Tracked Since
Feb 18, 2026