In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zutty | Zutty_project | * | 0.13 (excluding) |
| Zutty | Ubuntu | devel | * |
| Zutty | Ubuntu | esm-apps/jammy | * |
| Zutty | Ubuntu | esm-apps/noble | * |
| Zutty | Ubuntu | jammy | * |
| Zutty | Ubuntu | kinetic | * |
| Zutty | Ubuntu | lunar | * |
| Zutty | Ubuntu | mantic | * |
| Zutty | Ubuntu | noble | * |
| Zutty | Ubuntu | oracular | * |
| Zutty | Ubuntu | plucky | * |
| Zutty | Ubuntu | questing | * |
| Zutty | Ubuntu | trusty | * |
| Zutty | Ubuntu | upstream | * |
| Zutty | Ubuntu | xenial | * |
References
- https://bugs.gentoo.org/868495
- https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38
- https://github.com/tomszilagyi/zutty/compare/0.12...0.13
- https://security.gentoo.org/glsa/202209-25
- https://bugs.gentoo.org/868495
- https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38
- https://github.com/tomszilagyi/zutty/compare/0.12...0.13
- https://security.gentoo.org/glsa/202209-25