CVE-2022-27816

HIGH7.1EPSS 0.12%

Data Loss/Denial of Service in SWHKD

Published: 3/31/2022Modified: 11/8/2023

Description

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the `1.1.0` branch of the repository.

Affected packages (1)

crates.io/Simple-Wayland-HotKey-Daemonfrom 0, < 1.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-27816
PATCHhttps://github.com/waycrate/swhkd
WEBhttps://github.com/waycrate/swhkd/commit/0b620a09605afb815c6d8d8953bbb7a10a8c0575
WEBhttps://github.com/waycrate/swhkd/releases/tag/1.2.0
WEBhttp://www.openwall.com/lists/oss-security/2022/04/14/1