CVE-2021-33226: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

February 17, 2023 (updated November 7, 2023)

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.

References

github.com/saltstack/salt/blob/master/salt/modules/status.py
nvd.nist.gov/vuln/detail/CVE-2021-33226

Code Behaviors & Features

Detect and mitigate CVE-2021-33226 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →