RXVT Unicode Package Remote Code Execution Vulnerability

RXVT Unicode Package Remote Code Execution Vulnerability

According to the vulnerability report released on 10th of July; the rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. (CVE-2022-4170)

Affected Systems

Configuration 1
cpe:2.3:a:rxvt-unicode_project:rxvt-unicode:9.25:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode_project:rxvt-unicode:9.26:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

IoC’s

-

Recommended Solution(s)

-

Mitigations

-

CVE / CWE

CVE-2022-4170

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2022-4170
• https://bugzilla.redhat.com/show_bug.cgi?id=2151597
• https://www.openwall.com/lists/oss-security/2022/12/05/1

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.