CVE-2021-33477 — Improper Handling of Exceptional Conditions in Eterm

CWE-755 — Improper Handling of Exceptional Conditions4 documents4 sources

Severity

8.8HIGHNVD

EPSS

1.2%

top 21.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eterm Rxvt-unicode Project Rxvt-unicode Debian Eterm +6 more

Timeline

PublishedMay 20

Latest updateMay 24

Description

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶debiandebian/rxvt-unicode< eterm 0.9.6-6.1 (bookworm)

▶Debianrxvt-unicode_project/rxvt-unicode< 9.22-11+3

▶NVDrxvt-unicode_project/rxvt-unicode9.22

▶NVDmrxvt_project/mrxvt0.5.4

▶NVDrxvt_project/rxvt2.7.10

Also affects: Debian Linux 9.0, Fedora 33, 34

Patches

Patch: cvs.schmorp.de ↗Patch: cvs.schmorp.de ↗

🔴Vulnerability Details

GHSA

GHSA-vm2c-wqqr-v3gc: rxvt-unicode 9↗2022-05-24

▶

OSV

CVE-2021-33477: rxvt-unicode 9↗2021-05-20

▶

📋Vendor Advisories

Debian

CVE-2021-33477: eterm - rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially ...↗2021

▶