Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1208473 | |
https://github.com/saltstack/salt/blob/master/salt/modules/status.py | Exploit Vendor Advisory |
Configurations
History
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
Summary | Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input |
02 Mar 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input | |
References |
|
28 Feb 2023, 18:07
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://github.com/saltstack/salt/blob/master/salt/modules/status.py - Exploit, Vendor Advisory | |
CPE | cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* | |
First Time |
Saltstack
Saltstack salt |
17 Feb 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-17 18:15
Updated : 2024-04-11 01:11
NVD link : CVE-2021-33226
Mitre link : CVE-2021-33226
CVE.ORG link : CVE-2021-33226
JSON object : View
Products Affected
saltstack
- salt
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')