QwikSec

Security Database

CVE

CWE

Training

CVE-2022-45063

Published: Nov 10, 2022

Modified: Apr 8, 2026

PUBLISHED

Description

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://invisible-island.net/xterm/xterm.log.html

https://www.openwall.com/lists/oss-security/2022/11/10/1

https://news.ycombinator.com/item?id=33546415

[oss-security] 20221110 CVE-2022-45063: xterm <375 code execution via font ops

mailing-list

[oss-security] 20221110 Re: CVE-2022-45063: xterm <375 code execution via font ops

mailing-list

FEDORA-2022-681bbe67b6

vendor-advisory

vendor-advisory

FEDORA-2022-8cf76a9ceb

vendor-advisory

FEDORA-2022-af5f1eee2c

vendor-advisory

[oss-security] 20240615 iTerm2 3.5.x title reporting bug

mailing-list

[oss-security] 20240617 Re: iTerm2 3.5.x title reporting bug

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.