xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
References
Configurations
History
17 Jun 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Jun 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:54
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2022-11-10 16:15
Updated : 2024-06-17 15:15
NVD link : CVE-2022-45063
Mitre link : CVE-2022-45063
CVE.ORG link : CVE-2022-45063
JSON object : View
Products Affected
fedoraproject
- fedora
invisible-island
- xterm
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')