CVE-2021-33226

saltstack/salt

on github

Published

February 17, 2023

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

N/A

Description

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input

References

https://github.com/saltstack/salt/blob/master/salt/modules/status.py
https://bugzilla.suse.com/show_bug.cgi?id=1208473

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:saltstack:salt::::::::	n/a	3003 (including)	*

External Links

NVD - CVE-2021-33226