CRITICAL🇵🇱 Wersja polska

CVE-2021-33226

CVSS 9.8v3.1pub. 2023-02-17upd. 2025-03-18

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Saltstack Salt

    APP
    Saltstack
    ≤ 3003
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2020-16846CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the...

CVE-2020-11651CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process Clea...

CVE-2024-38824CRITICAL9.6PL ✓ten sam produkt

Path Traversal w SaltStack Salt – zapis dowolnych plików w katalogu cache mastera

CVE-2021-25315CRITICAL9.8ten sam produkt

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumblew...

CVE-2021-25282CRITICAL9.1ten sam produkt

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is v...