Upstream information
Description
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 9.8 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2023:0306-1, published Fri Oct 20 16:51:27 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 15 SP4 |
| Patchnames: openSUSE-2023-306 |
| SUSE Package Hub 15 SP5 |
| Patchnames: openSUSE-2023-306 |
| openSUSE Leap 15.4 |
| Patchnames: openSUSE-2023-306 |
| openSUSE Leap 15.5 |
| Patchnames: openSUSE-2023-306 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA rxvt-unicode-9.31-1.1 |
SUSE Timeline for this CVE
CVE page created: Mon Dec 5 15:00:03 2022CVE page last modified: Fri Dec 1 16:30:51 2023