FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rxvt-unicode is vulnerable to a remote code execution

Affected packages
rxvt-unicode < 9.31


VuXML ID 5b2eac07-8b4d-11ed-8b23-a0f3c100ae18
Discovery 2022-12-05
Entry 2023-01-03

Marc Lehmann reports:

The biggest issue is resolving CVE-2022-4170, which allows command execution inside urxvt from within the terminal (that means anything that can output text in the terminal can start commands in the context of the urxvt process, even remotely).


CVE Name CVE-2022-4170