apache traffic-server CVE-2021-35474 in Apache and Debian Products
Published on June 30, 2021

Dynamic stack buffer overflow in cachekey plugin

product logo product logo
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Vendor Advisory NVD

Weakness Type

What is a Stack Overflow Vulnerability?

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CVE-2021-35474 has been classified to as a Stack Overflow vulnerability or weakness.


Products Associated with CVE-2021-35474

stack.watch emails you whenever new vulnerabilities are published in Apache Traffic Server or Debian Linux. Just hit a watch button to start following.

Apache Traffic Server
 
Debian Linux
 

Affected Versions

Apache Software Foundation Apache Traffic Server Version Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1 is affected by CVE-2021-35474

Exploit Probability

EPSS
9.21%
Percentile
92.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.