CVE Vulnerabilities

CVE-2022-41138

Published: Sep 20, 2022 | Modified: May 29, 2025
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.

Affected Software

Name Vendor Start Version End Version
Zutty Zutty_project * 0.13 (excluding)
Zutty Ubuntu devel *
Zutty Ubuntu esm-apps/jammy *
Zutty Ubuntu esm-apps/noble *
Zutty Ubuntu jammy *
Zutty Ubuntu kinetic *
Zutty Ubuntu lunar *
Zutty Ubuntu mantic *
Zutty Ubuntu noble *
Zutty Ubuntu oracular *
Zutty Ubuntu plucky *
Zutty Ubuntu trusty *
Zutty Ubuntu upstream *
Zutty Ubuntu xenial *

References