CVE-2021-44273

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-44273
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44273.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-44273
Downstream
Related
Published
2021-12-23T12:15:07Z
Modified
2025-09-19T13:28:10.818994Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.

References

Affected packages

Git / github.com/e2guardian/e2guardian

Affected ranges

Type
GIT
Repo
https://github.com/e2guardian/e2guardian
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
eae46a7e2a57103aadca903c4a24cca94dc502a2

Affected versions

V5.*

V5.1.1

v3.*

v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.1.0
v3.1.1
v3.1.2
v3.2.0

v4.*

v4.0-beta0
v4.0beta1
v4.0beta2

v5.*

v5.0.0beta
v5.1
v5.1.1
v5.2.0
v5.2.1
v5.2.2
v5.3.1
v5.3.2
v5.4.1-pre1
v5.4.2r-pre2
v5.4.3r

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "225020943847239974401407156376740454469",
                "length": 2340.0
            },
            "signature_type": "Function",
            "source": "https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2",
            "signature_version": "v1",
            "target": {
                "file": "src/Socket.cpp",
                "function": "Socket::startSslClient"
            },
            "deprecated": false,
            "id": "CVE-2021-44273-79006267"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "51099355436612688877461331241952407539",
                    "84869958030245548021741248928003404760",
                    "311604252843514328573653834232659919309",
                    "245098895109109632988598352585023675897"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2",
            "signature_version": "v1",
            "target": {
                "file": "src/Socket.cpp"
            },
            "deprecated": false,
            "id": "CVE-2021-44273-a848bf47"
        }
    ]
}