CVE-2014-3121
rxvt-unicode - security update
EPSS 3.3%
Description
rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.
How to fix CVE-2014-3121
To remediate CVE-2014-3121, upgrade the affected package to a fixed version below.
- Debian/rxvt-unicode—upgrade to 9.20-1 or later
- Debian/rxvt-unicode—upgrade to 9.07-2+deb6u1 or later
Is CVE-2014-3121 being exploited?
Low — EPSS is 3.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 9.20-1
- from 0, < 9.07-2+deb6u1