FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rxvt-unicode is vulnerable to remote code execution

Affected packages
rxvt-unicode < 9.31

Details

VuXML ID 5b2eac07-8b4d-11ed-8b23-a0f3c100ae18
Discovery 2022-12-05
Entry 2023-01-03

Marc Lehmann reports:

The biggest issue is resolving CVE-2022-4170, which allows command execution inside urxvt from within the terminal (that means anything that can output text in the terminal can start commands in the context of the urxvt process, even remotely).

References

CVE Name CVE-2022-4170
URL https://nvd.nist.gov/vuln/detail/CVE-2022-4170