Skip to content

xterm before 375 allows code execution via font ops, e.g....

Critical severity Unreviewed Published Nov 10, 2022 to the GitHub Advisory Database • Updated Jun 17, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

References

Published by the National Vulnerability Database Nov 10, 2022
Published to the GitHub Advisory Database Nov 10, 2022
Last updated Jun 17, 2024

Severity

Critical
9.8
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CVE ID

CVE-2022-45063

GHSA ID

GHSA-3cch-wj7f-8g8x

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.