CVE-2022-45063

Опубликовано: 10 нояб. 2022

Источник: redhat

CVSS3: 7.4

Описание

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

A flaw was found in xterm. This issue may allow code execution via font ops.

Отчет

This issue is marked as moderate because the Red Hat Enterprise Linux 6, 7, 8, and 9, as the xterm package is currently provided with allowWindowOps and allowFontOps resources to false by default that can protect from remote code execution and downgrade the attack surface.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	xterm	Not affected
Red Hat Enterprise Linux 7	xterm	Not affected
Red Hat Enterprise Linux 8	cockpit	Not affected
Red Hat Enterprise Linux 8	cockpit-appstream	Not affected
Red Hat Enterprise Linux 8	cockpit-session-recording	Not affected
Red Hat Enterprise Linux 8	container-tools:3.0/cockpit-podman	Not affected
Red Hat Enterprise Linux 8	container-tools:4.0/cockpit-podman	Not affected
Red Hat Enterprise Linux 8	container-tools:rhel8/cockpit-podman	Not affected
Red Hat Enterprise Linux 8	xterm	Will not fix
Red Hat Enterprise Linux 9	cockpit	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-94

https://bugzilla.redhat.com/show_bug.cgi?id=2142474xterm: code execution via OSC 50 input sequences

7.4 High

CVSS3

Связанные уязвимости

CVE-2022-45063

CVSS3: 9.8

ubuntu

больше 2 лет назад

CVE-2022-45063

CVSS3: 9.8

nvd

больше 2 лет назад

CVE-2022-45063

CVSS3: 9.8

debian

больше 2 лет назад

xterm before 375 allows code execution via font ops, e.g., because an ...

SUSE-SU-2023:0582-1

suse-cvrf

больше 2 лет назад

Security update for xterm

SUSE-SU-2023:0221-1

suse-cvrf

больше 2 лет назад

Security update for xterm

7.4 High

CVSS3