CVE-2021-35474
PUBLISHED
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
EPSS 9.21% · 92.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | trafficserver | 0, 5.3.0-2ubuntu2, 5.3.0-2ubuntu1 |
| Ubuntu:Pro:20.04:LTS | trafficserver | 8.0.5+ds-2ubuntu1, 8.0.5+ds-3, 8.0.5+ds-3ubuntu0.1~esm1 |
| Ubuntu:18.04:LTS | trafficserver | 7.1.2+ds-2build1, 7.1.2+ds-3, 7.1.2+ds-2 |
Timeline
- Jun 30, 2021 EPSS Score
- Jun 30, 2021 CVE Published
- Aug 15, 2021 EPSS Score
- Aug 29, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 26, 2022 EPSS Score
- Apr 27, 2022 EPSS Score
- Jun 26, 2022 EPSS Score
- Oct 25, 2022 EPSS Score
- Feb 22, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-35474 third-party-advisory
- https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E third-party-advisory
- https://github.com/apache/trafficserver/pull/7945 third-party-advisory
- https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b third-party-advisory
- https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-35474 third-party-advisory