VDB
CVE-2022-41322
CVE-2022-41322
PUBLISHED
CVSS 7.800000190734863 HIGH
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
EPSS 1.32% · 80.3th percentile
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
1.32%
80.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| fedoraproject | fedora | 36, 37 |
| kitty_project | kitty | 0 |
Timeline
- Sep 23, 2022 EPSS Score
- Sep 23, 2022 CVE Published
- Mar 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 1, 2025 CVE Updated
- Jun 4, 2025 EPSS Score
- Jul 1, 2025 EPSS Score
- Aug 1, 2025 EPSS Score
- Aug 4, 2025 EPSS Score
References
- https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f url
- https://bugs.gentoo.org/868543 url
- https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2 url
- https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes url
- GLSA-202209-22 vendor-advisory
- FEDORA-2022-d718af66d1 vendor-advisory
- FEDORA-2022-04bc7cd075 vendor-advisory
- https://lists.debian.org/debian-lts-announce/2025/06/msg00000.html url
- https://nvd.nist.gov/vuln/detail/CVE-2022-41322 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX url