CVE-2021-23017
published 2021-06-01CVE-2021-23017: A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory…
high7.7CVSS 3.1
AVNACHPRNUINSUCHIHAL
EXPLOIT
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nginx | < nginx 1.18.0-6.1 (bookworm) | nginx 1.18.0-6.1 (bookworm) |
| f5 | nginx | — | — |
| f5 | nginx | >= 0 < 1.18.0-6.1 | 1.18.0-6.1 |
| f5 | nginx | >= 0 < 1.18.0-6.1 | 1.18.0-6.1 |
| f5 | nginx | >= 0 < 1.18.0-6.1 | 1.18.0-6.1 |
| f5 | nginx | >= 0 < 1.18.0-6.1 | 1.18.0-6.1 |
| f5 | nginx | >= 0.6.18 < 1.20.1 | 1.20.1 |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cm1_nginx_1.20.1-1_on_cbl_mariner_1.0 | — | — |
| openresty | openresty | < 1.19.3.2 | 1.19.3.2 |
| oracle | blockchain_platform | < 21.1.2 | 21.1.2 |
| oracle | communications_control_plane_monitor | — | — |
| oracle | communications_control_plane_monitor | — | — |
| oracle | communications_control_plane_monitor | — | — |
| oracle | communications_control_plane_monitor | — | — |
| oracle | communications_fraud_monitor | 3.4 – 4.4 | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | enterprise_communications_broker | — | — |
| oracle | enterprise_session_border_controller | — | — |
CVSS provenance
nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
osv7.7HIGH