CVE-2021-33226

Published: Feb 17, 2023Modified: Mar 18, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input

Affected (1)

Products: Saltstack: Salt

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Saltstack Salt	Up to 3003

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://bugzilla.suse.com/show_bug.cgi?id=1208473

Source: cve@mitre.org

https://github.com/saltstack/salt/blob/master/salt/modules/status.py

Source: cve@mitre.org

ExploitVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1208473

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/saltstack/salt/blob/master/salt/modules/status.py

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.