ID CVE-2020-35605
Summary The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
References
Vulnerable Configurations
  • cpe:2.3:a:kitty_project:kitty:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.14.5:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.14.6:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.14.6:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.17.4:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.17.4:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kitty_project:kitty:0.18.3:*:*:*:*:*:*:*
    cpe:2.3:a:kitty_project:kitty:0.18.3:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 01-09-2022 - 19:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
debian DSA-4819
misc
Last major update 01-09-2022 - 19:43
Published 21-12-2020 - 20:15
Last modified 01-09-2022 - 19:43
Back to Top