CVE-2021-32563

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Thunar versions prior to 4.16.7 Thunar versions 4.17.x prior to 4.17.2

Description An issue was discovered in Thunar where it delegates to a different program based on the file type without user confirmation when called with a regular file as a command-line argument. This could be used to achieve code execution. The exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For Thunar versions prior to 4.16.7, update to version 4.16.7 or later. For Thunar versions 4.17.x prior to 4.17.2, update to version 4.17.2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-913

Related Identifiers

ALT-PU-2021-1789

ALT-PU-2021-1810

BDU:2021-04682

CVE-2021-32563

MGASA-2021-0306

OESA-2021-1298

Affected Products

Alt Linux

Thunar

CVE-2021-32563

Weakness Enumeration

Related Identifiers

Affected Products

References · 27