CVE-2021-33226

EUVD-2023-0232
Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
saltstacksalt
𝑥
≤ 3003
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1208473
https://github.com/saltstack/salt/blob/master/salt/modules/status.py
https://bugzilla.suse.com/show_bug.cgi?id=1208473
https://github.com/saltstack/salt/blob/master/salt/modules/status.py