CVE-2022-41138

NameCVE-2022-41138
DescriptionIn Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
zutty (PTS)bookworm0.14.0.20230218+dfsg1-1fixed
trixie0.15.7.20240421+dfsg1-1fixed
sid0.16.0.20240607+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zuttysource(unstable)0.13.0.20220910.112547+dfsg1-1

Notes

https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 (0.13)

Search for package or bug name: Reporting problems