SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-27818
- https://github.com/waycrate/swhkd/commit/f70b99dd575fab79d8a942111a6980431f006818
- https://github.com/waycrate/swhkd/releases/tag/1.1.7
- https://github.com/waycrate/swhkd/releases
- http://www.openwall.com/lists/oss-security/2022/04/14/1
- https://github.com/advisories/GHSA-r3r5-jhw6-4634