CVE-2022-27816: Data Loss/Denial of Service in SWHKD

March 31, 2022 (updated April 28, 2022)

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository.

References

github.com/advisories/GHSA-8m49-2xj8-67v9
github.com/waycrate/swhkd
github.com/waycrate/swhkd/commit/0b620a09605afb815c6d8d8953bbb7a10a8c0575
github.com/waycrate/swhkd/releases/tag/1.2.0
nvd.nist.gov/vuln/detail/CVE-2022-27816

Detect and mitigate CVE-2022-27816 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →