CVE-2021-23017

critical

Description

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

References

http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

https://support.f5.com/csp/article/K12331123,

https://lists.apache.org/thread.html/[email protected]%3Cnotifications.apisix.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cnotifications.apisix.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cnotifications.apisix.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cnotifications.apisix.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cnotifications.apisix.apache.org%3E

https://lists.fedoraproject.org/archives/list/[email protected]/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/

https://lists.fedoraproject.org/archives/list/[email protected]/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/

https://security.netapp.com/advisory/ntap-20210708-0006/

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/security-alerts/cpujan2022.html

https://www.oracle.com/security-alerts/cpuapr2022.html

Details

Source: MITRE

Published: 2021-06-01

Updated: 2022-05-10

Type: CWE-193

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 9.4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Impact Score: 5.5

Exploitability Score: 3.9

Severity: CRITICAL