Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-41322: Comparing v0.26.1...v0.26.2 · kovidgoyal/kitty

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.

CVE

Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also .

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also .

base repository: kovidgoyal/kitty base: v0.26.1

head repository: kovidgoyal/kitty compare: v0.26.2

Related news

CVE-2023-39726: ""?! ANSI Terminal security in 2023 and finding 10 CVEs

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

Ubuntu Security Notice USN-5659-1

Ubuntu Security Notice 5659-1 - Stephane Chauveau discovered that kitty incorrectly handled image filenames with special characters in error messages. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 20.04 LTS. Carter Sande discovered that kitty incorrectly handled escape sequences in desktop notifications. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 22.04 LTS.

Gentoo Linux Security Advisory 202209-22

Gentoo Linux Security Advisory 202209-22 - A vulnerability has been found in Kitty which could allow for arbitrary code execution with user input. Versions less than 0.26.2 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907