CVE-2021-33477
HIGH
rxvt-unicode <9.22, rxvt <2.7.10, mrxvt <0.5.4, Eterm <0.9.7 - RCE
Title source: llm
Description
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.
References (20)
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/05/17/1
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2017/05/01/20
Patch, Third Party Advisory x_refsource_misc
http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/162621/rxvt-2.7.0-rxvt-unicode-9.22-Code-Execution.html
Product, Third Party Advisory x_refsource_misc
https://sourceforge.net/projects/rxvt/files/rxvt-dev/
Third Party Advisory x_refsource_misc
http://cvs.schmorp.de/rxvt-unicode/Changes?view=log
Product, Third Party Advisory x_refsource_misc
https://sourceforge.net/projects/materm/files/mrxvt%20source/
Third Party Advisory x_refsource_misc
https://git.enlightenment.org/apps/eterm.git/log/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202105-17
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/05/msg00026.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZWGE2RJONBEHSPCBUAW72NTRTIFKZAX/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RFMU5YXXNYYVA7G2DAHRXXHO6JKVFUT/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLPVEPBH37EBR4R54RMC6GD33J37HJXD/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAKO6N6NKTR6Z6KVAPEXSZQMRU52SGA/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00010.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00011.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AO52OLNOOKOCZSJCN3R7Q25XA32BWNWP/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUV4LDVZVW7KCGPAMFZD4ZJ4FVLPOX4C/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202209-07
Scores
CVSS v3
8.8
EPSS
0.0401
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-755
Status
published
Products (7)
debian/debian_linux
9.0
eterm_project/eterm
0.9.7
fedoraproject/fedora
33
fedoraproject/fedora
34
mrxvt_project/mrxvt
0.5.4
rxvt-unicode_project/rxvt-unicode
9.22
rxvt_project/rxvt
2.7.10
Published
May 20, 2021
Tracked Since
Feb 18, 2026