GLSA-202310-20 : rxvt-unicode: Arbitrary Code Execution

critical Nessus Plugin ID 184010


The remote host is affected by the vulnerability described in GLSA-202310-20 (rxvt-unicode: Arbitrary Code Execution)

- The rxvt-unicode package is vulnerable to remote code execution in the Perl background extension when an attacker can control the data written to the user's terminal and certain options are set.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


All rxvt-unicode users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.30"

Plugin Details

Severity: Critical

ID: 184010

File Name: gentoo_GLSA-202310-20.nasl

Version: 1.0

Type: local

Published: 10/30/2023

Updated: 10/30/2023

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-4170


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:gentoo:linux, p-cpe:/a:gentoo:linux:rxvt-unicode

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/30/2023

Vulnerability Publication Date: 12/9/2022

Reference Information

CVE: CVE-2022-4170