CVE-2021-33226

Severity
9.8 CRITICAL
EPSS
4.0%
top 11.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Feb 17

Description

Buffer Overflow vulnerability in Saltstack v.3003 and before allows an attacker to execute arbitrary code via the func variable in the salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: saltstack/salt 3003
PyPI: salt < 3003.1

Vulnerability Details (3)
GHSA
GHSA-3cjm-9wq5-p7gj: Buffer Overflow vulnerability in Saltstack v (2023-02-17)
OSV
CVE-2021-33226: Buffer Overflow vulnerability in Saltstack v (2023-02-17)
CVEList
CVE-2021-33226: Buffer Overflow vulnerability in Saltstack v (2023-02-17)