{"id":"CVE-2022-4170","details":"The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.","modified":"2026-04-10T04:51:27.830688Z","published":"2022-12-09T18:15:20.327Z","related":["MGASA-2022-0459","openSUSE-SU-2023:0306-1","openSUSE-SU-2024:13323-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-20"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2022/12/05/1"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151597"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/exg/rxvt-unicode","events":[{"introduced":"0"},{"last_affected":"4cbc689ec6ff9174e2d28c12f5777e224b2c79ba"},{"introduced":"0"},{"last_affected":"963a50ca86662feb39951be3cd601a305aef6a8a"},{"introduced":"0"},{"last_affected":"4a3750edbb9626312bfea9449eb568c2a3986182"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.25"},{"introduced":"0"},{"last_affected":"9.26"},{"introduced":"0"},{"last_affected":"8.0"}]}}],"versions":["rxvt-unicode-1.2","rxvt-unicode-1.3","rxvt-unicode-1.9","rxvt-unicode-2.0","rxvt-unicode-2.1","rxvt-unicode-2.2","rxvt-unicode-2.3","rxvt-unicode-2.4","rxvt-unicode-2.5","rxvt-unicode-2.7","rxvt-unicode-2.8","rxvt-unicode-3.0","rxvt-unicode-3.2","rxvt-unicode-3.3","rxvt-unicode-3.4","rxvt-unicode-3.5","rxvt-unicode-3.6","rxvt-unicode-3.7","rxvt-unicode-3.8","rxvt-unicode-4.0","rxvt-unicode-4.1","rxvt-unicode-4.2","rxvt-unicode-4.3","rxvt-unicode-4.4","rxvt-unicode-4.6","rxvt-unicode-4.7","rxvt-unicode-4.8","rxvt-unicode-4.9","rxvt-unicode-5.0","rxvt-unicode-5.1","rxvt-unicode-5.2","rxvt-unicode-5.3","rxvt-unicode-5.4","rxvt-unicode-5.5","rxvt-unicode-5.7","rxvt-unicode-5.8","rxvt-unicode-5.9","rxvt-unicode-6.0","rxvt-unicode-6.1","rxvt-unicode-6.2","rxvt-unicode-6.3","rxvt-unicode-7.0","rxvt-unicode-7.1","rxvt-unicode-7.2","rxvt-unicode-7.3","rxvt-unicode-7.3a","rxvt-unicode-7.4","rxvt-unicode-7.5","rxvt-unicode-7.6","rxvt-unicode-7.7","rxvt-unicode-7.8","rxvt-unicode-7.9","rxvt-unicode-8.0","rxvt-unicode-8.1","rxvt-unicode-8.2","rxvt-unicode-8.3","rxvt-unicode-8.4","rxvt-unicode-8.5a","rxvt-unicode-8.6","rxvt-unicode-8.7","rxvt-unicode-8.8","rxvt-unicode-8.9","rxvt-unicode-9.0","rxvt-unicode-9.01","rxvt-unicode-9.02","rxvt-unicode-9.05","rxvt-unicode-9.06","rxvt-unicode-9.07","rxvt-unicode-9.09","rxvt-unicode-9.10","rxvt-unicode-9.11","rxvt-unicode-9.12","rxvt-unicode-9.14","rxvt-unicode-9.15","rxvt-unicode-9.16","rxvt-unicode-9.17","rxvt-unicode-9.18","rxvt-unicode-9.19","rxvt-unicode-9.20","rxvt-unicode-9.21","rxvt-unicode-9.22","rxvt-unicode-9.25","rxvt-unicode-9.26"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4170.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"37"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}