CVE-2022-41322

Published: Sep 23, 2022

Modified: Jun 1, 2025

PUBLISHED

Description

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f

x_refsource_MISC

https://bugs.gentoo.org/868543

x_refsource_MISC

https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2

x_refsource_MISC

https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes

x_refsource_MISC

GLSA-202209-22

vendor-advisory

x_refsource_GENTOO

FEDORA-2022-d718af66d1

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-04bc7cd075

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-41322

Description

Affected Products

References