{"api_version":"1","generated_at":"2026-04-23T00:59:42+00:00","cve":"CVE-2022-45063","urls":{"html":"https://cve.report/CVE-2022-45063","api":"https://cve.report/api/cve/CVE-2022-45063.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-45063","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-45063"},"summary":{"title":"CVE-2022-45063","description":"xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.","state":"PUBLISHED","assigner":"mitre","published_at":"2022-11-10 16:15:12","updated_at":"2026-04-08 19:17:54"},"problem_types":["CWE-77","n/a"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 35 Update: xterm-375-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2022/11/10/5","name":"http://www.openwall.com/lists/oss-security/2022/11/10/5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"],"title":"oss-security - Re: CVE-2022-45063: xterm <375 code execution via\n font ops","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/08/10","name":"http://www.openwall.com/lists/oss-security/2026/04/08/10","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/08/1","name":"http://www.openwall.com/lists/oss-security/2026/04/08/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IVD3I2ZFXGOY6BA2FNS7WPFMPFBDHFWC/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IVD3I2ZFXGOY6BA2FNS7WPFMPFBDHFWC/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 36 Update: xterm-375-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2024/06/17/1","name":"http://www.openwall.com/lists/oss-security/2024/06/17/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2022/11/10/1","name":"http://www.openwall.com/lists/oss-security/2022/11/10/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"],"title":"oss-security - CVE-2022-45063: xterm <375 code execution via font ops","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2024/06/15/1","name":"http://www.openwall.com/lists/oss-security/2024/06/15/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.gentoo.org/glsa/202211-09","name":"https://security.gentoo.org/glsa/202211-09","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"xterm: Arbitrary Code Execution (GLSA 202211-09) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://invisible-island.net/xterm/xterm.log.html","name":"https://invisible-island.net/xterm/xterm.log.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"XTERM - Change Log","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openwall.com/lists/oss-security/2022/11/10/1","name":"https://www.openwall.com/lists/oss-security/2022/11/10/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"],"title":"oss-security - CVE-2022-45063: xterm <375 code execution via font ops","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T2JI5JCHPTXX2KJU45H2XAHQSFVEJ2Y/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T2JI5JCHPTXX2KJU45H2XAHQSFVEJ2Y/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 37 Update: xterm-375-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://news.ycombinator.com/item?id=33546415","name":"https://news.ycombinator.com/item?id=33546415","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"],"title":"CVE-2022-45063: xterm code execution via font ops | Hacker News","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVD3I2ZFXGOY6BA2FNS7WPFMPFBDHFWC/","name":"FEDORA:FEDORA-2022-681bbe67b6","refsource":"MITRE","tags":[],"title":"[SECURITY] Fedora 36 Update: xterm-375-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA/","name":"FEDORA:FEDORA-2022-8cf76a9ceb","refsource":"MITRE","tags":[],"title":"[SECURITY] Fedora 35 Update: xterm-375-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5T2JI5JCHPTXX2KJU45H2XAHQSFVEJ2Y/","name":"FEDORA:FEDORA-2022-af5f1eee2c","refsource":"MITRE","tags":[],"title":"[SECURITY] Fedora 37 Update: xterm-375-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-45063","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45063","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"45063","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"45063","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"45063","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"45063","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"invisible-island","cpe5":"xterm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2022","cve_id":"45063","cve":"CVE-2022-45063","epss":"0.179380000","percentile":"0.951410000","score_date":"2026-04-09","updated_at":"2026-04-10 00:07:03"},"legacy_qids":[{"cve":"CVE-2022-45063","qid":"182927","title":"Debian Security Update for xterm (CVE-2022-45063)"},{"cve":"CVE-2022-45063","qid":"283325","title":"Fedora Security Update for xterm (FEDORA-2022-681bbe67b6)"},{"cve":"CVE-2022-45063","qid":"283338","title":"Fedora Security Update for xterm (FEDORA-2022-8cf76a9ceb)"},{"cve":"CVE-2022-45063","qid":"283421","title":"Fedora Security Update for xterm (FEDORA-2022-af5f1eee2c)"},{"cve":"CVE-2022-45063","qid":"710688","title":"Gentoo Linux xterm Arbitrary Code Execution Vulnerability (GLSA 202211-09)"},{"cve":"CVE-2022-45063","qid":"753588","title":"SUSE Enterprise Linux Security Update for xterm (SUSE-SU-2023:0173-1)"},{"cve":"CVE-2022-45063","qid":"753610","title":"SUSE Enterprise Linux Security Update for xterm (SUSE-SU-2023:0221-1)"},{"cve":"CVE-2022-45063","qid":"753794","title":"SUSE Enterprise Linux Security Update for xterm (SUSE-SU-2023:0582-1)"},{"cve":"CVE-2022-45063","qid":"904484","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for xterm (11429)"},{"cve":"CVE-2022-45063","qid":"907280","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for xterm (11429-1)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2022-45063","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-06-17T14:34:56.736041Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-06-17T14:35:05.675Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2026-04-08T17:24:10.360Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://invisible-island.net/xterm/xterm.log.html"},{"tags":["x_transferred"],"url":"https://www.openwall.com/lists/oss-security/2022/11/10/1"},{"tags":["x_transferred"],"url":"https://news.ycombinator.com/item?id=33546415"},{"name":"[oss-security] 20221110 CVE-2022-45063: xterm <375 code execution via font ops","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/11/10/1"},{"name":"[oss-security] 20221110 Re: CVE-2022-45063: xterm <375 code execution via font ops","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/11/10/5"},{"name":"FEDORA-2022-681bbe67b6","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IVD3I2ZFXGOY6BA2FNS7WPFMPFBDHFWC/"},{"name":"GLSA-202211-09","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202211-09"},{"name":"FEDORA-2022-8cf76a9ceb","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA/"},{"name":"FEDORA-2022-af5f1eee2c","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T2JI5JCHPTXX2KJU45H2XAHQSFVEJ2Y/"},{"name":"[oss-security] 20240615 iTerm2 3.5.x title reporting bug","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/06/15/1"},{"name":"[oss-security] 20240617 Re: iTerm2 3.5.x title reporting bug","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/06/17/1"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/08/1"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/08/10"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2024-06-17T15:05:58.315Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"url":"https://invisible-island.net/xterm/xterm.log.html"},{"url":"https://www.openwall.com/lists/oss-security/2022/11/10/1"},{"url":"https://news.ycombinator.com/item?id=33546415"},{"name":"[oss-security] 20221110 CVE-2022-45063: xterm <375 code execution via font ops","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2022/11/10/1"},{"name":"[oss-security] 20221110 Re: CVE-2022-45063: xterm <375 code execution via font ops","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2022/11/10/5"},{"name":"FEDORA-2022-681bbe67b6","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IVD3I2ZFXGOY6BA2FNS7WPFMPFBDHFWC/"},{"name":"GLSA-202211-09","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202211-09"},{"name":"FEDORA-2022-8cf76a9ceb","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA/"},{"name":"FEDORA-2022-af5f1eee2c","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T2JI5JCHPTXX2KJU45H2XAHQSFVEJ2Y/"},{"name":"[oss-security] 20240615 iTerm2 3.5.x title reporting bug","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2024/06/15/1"},{"name":"[oss-security] 20240617 Re: iTerm2 3.5.x title reporting bug","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2024/06/17/1"}]}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2022-45063","datePublished":"2022-11-10T00:00:00.000Z","dateReserved":"2022-11-09T00:00:00.000Z","dateUpdated":"2026-04-08T17:24:10.360Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2022-11-10 16:15:12","lastModifiedDate":"2026-04-08 19:17:54","problem_types":["CWE-77","n/a"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:invisible-island:xterm:*:*:*:*:*:*:*:*","versionEndExcluding":"375","matchCriteriaId":"52D6B701-A4C7-4148-804D-88E8666AA4D6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"45063","Ordinal":"1","Title":"CVE-2022-45063","CVE":"CVE-2022-45063","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"45063","Ordinal":"1","NoteData":"xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.","Type":"Description","Title":"CVE-2022-45063"}]}}}