CVE-2021-32563
PUBLISHED
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.
Risk Scores
EPSS Score: 0.99% (77.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | thunar | 1.8.14-0ubuntu1, 1.8.12-1, 1.8.11-1 |
| Ubuntu:16.04:LTS | thunar | 0, 1.6.10-1, 1.6.10-2 |
| Ubuntu:18.04:LTS | thunar | 1.6.15-0ubuntu1, 1.6.15-0ubuntu1.18.04.1, 1.6.14-1 |
Exploit Intelligence
- https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b (circl)
- https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664 (circl)
- https://www.openwall.com/lists/oss-security/2021/05/09/2 (circl)
- https://gitlab.xfce.org/xfce/thunar/-/tags (circl)
- [oss-security] 20210511 Re: Code execution through Thunar (circl)
- https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d (circl)
- [oss-security] 20230104 Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations (circl)
- [oss-security] 20230105 Re: Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations (circl)
Timeline
- May 11, 2021 CVE Published
- May 11, 2021 EPSS Score
- Jul 14, 2021 EPSS Score
- Nov 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 18, 2022 EPSS Score
- May 19, 2022 EPSS Score
- Jul 21, 2022 EPSS Score
- Nov 21, 2022 EPSS Score
- Jan 6, 2023 EPSS Score
- Feb 23, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32563 third-party-advisory
- https://www.openwall.com/lists/oss-security/2021/05/09/2 third-party-advisory
- https://gitlab.xfce.org/xfce/thunar/-/tags third-party-advisory
- https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b third-party-advisory
- https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664 third-party-advisory
- http://www.openwall.com/lists/oss-security/2021/05/11/3 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32563 third-party-advisory