Wiz
Vulnerability DatabaseCVE-2022-41138

CVE-2022-41138
Linux Debian vulnerability analysis and mitigation

Overview

CVE-2022-41138 affects Zutty terminal emulator versions before 0.13. The vulnerability was discovered in September 2022 and allows arbitrary code execution through DECRQSS (Device Control Report Query Status String) commands in text written to the terminal (Gentoo GLSA, NVD).

Technical details

The vulnerability exists due to improper handling of invalid DECRQSS commands. When invalid input is received, Zutty would echo it back to the console, allowing a malicious console application to invoke arbitrary commands. This is similar to CVE-2008-2383 which affected other terminal emulators (GitHub Commit).

Impact

A successful exploitation of this vulnerability allows untrusted text written to the Zutty terminal to achieve arbitrary code execution, potentially giving attackers complete control over the affected system (Gentoo GLSA).

Mitigation and workarounds

The vulnerability was fixed in Zutty version 0.13 by modifying how invalid DECRQSS requests are handled - responding with a cancel instead of echoing the invalid input. Users should upgrade to version 0.13 or later as there are no known workarounds for affected versions (Gentoo GLSA, GitHub Commit).

Additional resources

SourceThis report was generated using AI

Related Linux Debian vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-67726HIGH7.5
  • Linux DebianLinux Debian
  • python-tornado
NoNoDec 12, 2025
CVE-2025-67725HIGH7.5
  • Linux DebianLinux Debian
  • python-tornado
NoNoDec 12, 2025
CVE-2025-67724MEDIUM5.4
  • Linux DebianLinux Debian
  • python-tornado
NoNoDec 12, 2025
CVE-2025-64702MEDIUM5.3
  • SyncthingSyncthing
  • buf
NoYesDec 11, 2025
CVE-2025-40345N/AN/A
  • Linux DebianLinux Debian
  • linux
NoYesDec 12, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo