CVE-2021-43082

CWE-120Classic Buffer Overflow5 documents5 sources
Severity
9.8CRITICAL
EPSS
1.1%
top 21.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Traffic ServerApache Software Foundation Apache Traffic Server
Timeline
PublishedNov 3
Latest updateMay 24

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDapache/traffic_server8.0.08.1.2+1
Debiantrafficserver< 9.1.1+ds-1

Patches

Patch: lists.apache.orgPatch: lists.apache.org

🔴Vulnerability Details

3
GHSA
GHSA-6mp9-9wj5-hg44: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an2022-05-24
CVEList
heap-buffer-overflow with stats-over-http plugin2021-11-03
OSV
CVE-2021-43082: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an2021-11-03

📋Vendor Advisories

1
Debian
CVE-2021-43082: trafficserver - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerabi...2021
CVE-2021-43082 (CRITICAL CVSS 9.8) | Buffer Copy without Checking Size o | cvebase.io