Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2021-23017
Severity
7.7 HIGH
EPSS
73.5%
top 1.20%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Jun 1
Latest update: Apr 15
Description
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Exploitability: 2.2 | Impact: 5.5
Affected Packages: 12 packages
Also affects: Fedora 33, 34
Patches
🔴 Vulnerability Details (3)
GHSA
GHSA-83p9-mcpm-374v: A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte (2022-05-24)
OSV
CVE-2021-23017: A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte (2021-06-01)
CVEList
CVE-2021-23017: A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte (2021-06-01)
💥 Exploits & PoCs (1)
📋 Vendor Advisories (10)
Oracle
Oracle GoldenGate Risk Matrix: GG Market Place for Support (nginx) — CVE-2021-23017 (2022-01-15)
Microsoft
A security issue in nginx resolver was identified which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite resulting in worker process crash (2021-06-08)