Vulnerability Description
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Traffic Server | >= 7.0.0, <= 7.1.12 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393aMailing ListVendor Advisory
- https://www.debian.org/security/2021/dsa-4957Third Party Advisory
- https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393aMailing ListVendor Advisory
- https://www.debian.org/security/2021/dsa-4957Third Party Advisory
FAQ
What is CVE-2021-35474?
CVE-2021-35474 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
How severe is CVE-2021-35474?
CVE-2021-35474 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-35474?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server, Debian Debian Linux.