DEBIAN-CVE-2021-44273

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2021-44273
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-44273.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-44273
Upstream
Published
2021-12-23T12:15:07Z
Modified
2025-09-19T07:31:53.748420Z
Summary
[none]
Details

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.

References

Affected packages

Debian:11 / e2guardian

Package

Name
e2guardian
Purl
pkg:deb/debian/e2guardian?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.4-1+deb11u1

Affected versions

5.*

5.3.4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / e2guardian

Package

Name
e2guardian
Purl
pkg:deb/debian/e2guardian?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.5-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / e2guardian

Package

Name
e2guardian
Purl
pkg:deb/debian/e2guardian?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.5-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / e2guardian

Package

Name
e2guardian
Purl
pkg:deb/debian/e2guardian?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.5-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}