Description
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.
References
https://bugs.gentoo.org/868495
Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38
Patch, Third Party Advisory
https://github.com/tomszilagyi/zutty/compare/0.12...0.13
Patch, Release Notes, Third Party Advisory
https://security.gentoo.org/glsa/202209-25
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-09-20T18:15:10.690
Last modified
2022-10-07T13:20:24.543