
CVE-2022-41322

Published: 23 September 2022

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: kitty (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Does not exist
focal      Not vulnerable (code not present)
jammy      Released (0.21.2-1ubuntu0.22.04.1)
kinetic    Needs triage
trusty     Does not exist
upstream   Released (0.26.2)
xenial     Does not exist

Patches:
upstream: https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f