Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input

Published

2023-02-17T18:15:11.083

Last Modified

2025-03-18T19:15:38.633

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-120
Type: Secondary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	saltstack	salt	≤ 3003	Yes

References

https://bugzilla.suse.com/show_bug.cgi?id=1208473 ([email protected])
https://github.com/saltstack/salt/blob/master/salt/modules/status.py Exploit, Vendor Advisory ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1208473 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/saltstack/salt/blob/master/salt/modules/status.py Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)