CVE-2021-44273

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-44273

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44273.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-44273

Related

Published

2021-12-23T12:15:07Z

Modified

2025-01-15T02:08:47.856281Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.

References

Affected packages

Debian:11 / e2guardian

Package

Name: e2guardian
Purl: pkg:deb/debian/e2guardian?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.4-1+deb11u1

Affected versions

5.*

5.3.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / e2guardian

Package

Name: e2guardian
Purl: pkg:deb/debian/e2guardian?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.5-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / e2guardian

Package

Name: e2guardian
Purl: pkg:deb/debian/e2guardian?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.5-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/e2guardian/e2guardian

Affected ranges

Type: GIT
Repo: https://github.com/e2guardian/e2guardian
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

eae46a7e2a57103aadca903c4a24cca94dc502a2

Fixed

eae46a7e2a57103aadca903c4a24cca94dc502a2

Affected versions

V5.*

V5.1.1

v3.*

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.1.0

v3.1.1

v3.1.2

v3.2.0

v4.*

v4.0-beta0

v4.0beta1

v4.0beta2

v5.*

v5.0.0beta

v5.1

v5.1.1

v5.2.0

v5.2.1

v5.2.2

v5.3.1

v5.3.2

v5.4.1-pre1

v5.4.2r-pre2

v5.4.3r