{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-09-25T15:06:09.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.openwall.com/lists/oss-security/2021/05/17/1"},{"tags":["x_refsource_MISC"],"url":"https://www.openwall.com/lists/oss-security/2017/05/01/20"},{"tags":["x_refsource_MISC"],"url":"http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583"},{"tags":["x_refsource_MISC"],"url":"https://packetstormsecurity.com/files/162621/rxvt-2.7.0-rxvt-unicode-9.22-Code-Execution.html"},{"tags":["x_refsource_MISC"],"url":"https://sourceforge.net/projects/rxvt/files/rxvt-dev/"},{"tags":["x_refsource_MISC"],"url":"http://cvs.schmorp.de/rxvt-unicode/Changes?view=log"},{"tags":["x_refsource_MISC"],"url":"https://sourceforge.net/projects/materm/files/mrxvt%20source/"},{"tags":["x_refsource_MISC"],"url":"https://git.enlightenment.org/apps/eterm.git/log/"},{"name":"GLSA-202105-17","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/202105-17"},{"name":"[debian-lts-announce] 20210530 [SECURITY] [DLA 2671-1] rxvt-unicode security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00026.html"},{"name":"FEDORA-2021-a4c0a91884","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZWGE2RJONBEHSPCBUAW72NTRTIFKZAX/"},{"name":"FEDORA-2021-5b96f0f5db","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RFMU5YXXNYYVA7G2DAHRXXHO6JKVFUT/"},{"name":"FEDORA-2021-c883ca2a37","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLPVEPBH37EBR4R54RMC6GD33J37HJXD/"},{"name":"FEDORA-2021-8b85b2de05","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAKO6N6NKTR6Z6KVAPEXSZQMRU52SGA/"},{"name":"[debian-lts-announce] 20210609 [SECURITY] [DLA 2681-1] eterm security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00010.html"},{"name":"[debian-lts-announce] 20210609 [SECURITY] [DLA 2683-1] rxvt security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html"},{"name":"[debian-lts-announce] 20210609 [SECURITY] [DLA 2682-1] mrxvt security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00011.html"},{"name":"FEDORA-2021-71556a5722","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AO52OLNOOKOCZSJCN3R7Q25XA32BWNWP/"},{"name":"FEDORA-2021-0d3268fc35","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUV4LDVZVW7KCGPAMFZD4ZJ4FVLPOX4C/"},{"name":"GLSA-202209-07","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/202209-07"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-33477","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://www.openwall.com/lists/oss-security/2021/05/17/1","refsource":"MISC","url":"https://www.openwall.com/lists/oss-security/2021/05/17/1"},{"name":"https://www.openwall.com/lists/oss-security/2017/05/01/20","refsource":"MISC","url":"https://www.openwall.com/lists/oss-security/2017/05/01/20"},{"name":"http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583","refsource":"MISC","url":"http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583"},{"name":"https://packetstormsecurity.com/files/162621/rxvt-2.7.0-rxvt-unicode-9.22-Code-Execution.html","refsource":"MISC","url":"https://packetstormsecurity.com/files/162621/rxvt-2.7.0-rxvt-unicode-9.22-Code-Execution.html"},{"name":"https://sourceforge.net/projects/rxvt/files/rxvt-dev/","refsource":"MISC","url":"https://sourceforge.net/projects/rxvt/files/rxvt-dev/"},{"name":"http://cvs.schmorp.de/rxvt-unicode/Changes?view=log","refsource":"MISC","url":"http://cvs.schmorp.de/rxvt-unicode/Changes?view=log"},{"name":"https://sourceforge.net/projects/materm/files/mrxvt%20source/","refsource":"MISC","url":"https://sourceforge.net/projects/materm/files/mrxvt%20source/"},{"name":"https://git.enlightenment.org/apps/eterm.git/log/","refsource":"MISC","url":"https://git.enlightenment.org/apps/eterm.git/log/"},{"name":"GLSA-202105-17","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/202105-17"},{"name":"[debian-lts-announce] 20210530 [SECURITY] [DLA 2671-1] rxvt-unicode security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00026.html"},{"name":"FEDORA-2021-a4c0a91884","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZWGE2RJONBEHSPCBUAW72NTRTIFKZAX/"},{"name":"FEDORA-2021-5b96f0f5db","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RFMU5YXXNYYVA7G2DAHRXXHO6JKVFUT/"},{"name":"FEDORA-2021-c883ca2a37","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLPVEPBH37EBR4R54RMC6GD33J37HJXD/"},{"name":"FEDORA-2021-8b85b2de05","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXAKO6N6NKTR6Z6KVAPEXSZQMRU52SGA/"},{"name":"[debian-lts-announce] 20210609 [SECURITY] [DLA 2681-1] eterm security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00010.html"},{"name":"[debian-lts-announce] 20210609 [SECURITY] [DLA 2683-1] rxvt security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html"},{"name":"[debian-lts-announce] 20210609 [SECURITY] [DLA 2682-1] mrxvt security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00011.html"},{"name":"FEDORA-2021-71556a5722","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO52OLNOOKOCZSJCN3R7Q25XA32BWNWP/"},{"name":"FEDORA-2021-0d3268fc35","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DUV4LDVZVW7KCGPAMFZD4ZJ4FVLPOX4C/"},{"name":"GLSA-202209-07","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/202209-07"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T23:50:42.963Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.openwall.com/lists/oss-security/2021/05/17/1"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.openwall.com/lists/oss-security/2017/05/01/20"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://packetstormsecurity.com/files/162621/rxvt-2.7.0-rxvt-unicode-9.22-Code-Execution.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://sourceforge.net/projects/rxvt/files/rxvt-dev/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://cvs.schmorp.de/rxvt-unicode/Changes?view=log"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://sourceforge.net/projects/materm/files/mrxvt%20source/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://git.enlightenment.org/apps/eterm.git/log/"},{"name":"GLSA-202105-17","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/202105-17"},{"name":"[debian-lts-announce] 20210530 [SECURITY] [DLA 2671-1] rxvt-unicode security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00026.html"},{"name":"FEDORA-2021-a4c0a91884","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZWGE2RJONBEHSPCBUAW72NTRTIFKZAX/"},{"name":"FEDORA-2021-5b96f0f5db","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RFMU5YXXNYYVA7G2DAHRXXHO6JKVFUT/"},{"name":"FEDORA-2021-c883ca2a37","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLPVEPBH37EBR4R54RMC6GD33J37HJXD/"},{"name":"FEDORA-2021-8b85b2de05","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAKO6N6NKTR6Z6KVAPEXSZQMRU52SGA/"},{"name":"[debian-lts-announce] 20210609 [SECURITY] [DLA 2681-1] eterm security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00010.html"},{"name":"[debian-lts-announce] 20210609 [SECURITY] [DLA 2683-1] rxvt security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html"},{"name":"[debian-lts-announce] 20210609 [SECURITY] [DLA 2682-1] mrxvt security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00011.html"},{"name":"FEDORA-2021-71556a5722","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AO52OLNOOKOCZSJCN3R7Q25XA32BWNWP/"},{"name":"FEDORA-2021-0d3268fc35","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUV4LDVZVW7KCGPAMFZD4ZJ4FVLPOX4C/"},{"name":"GLSA-202209-07","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/202209-07"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2021-33477","datePublished":"2021-05-20T19:16:01.000Z","dateReserved":"2021-05-20T00:00:00.000Z","dateUpdated":"2024-08-03T23:50:42.963Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}