Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx
incorrectly handled responses to the DNS resolver. A remote attacker could
use this issue to cause nginx to crash, resulting in a denial of service,
or possibly execute arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu21.04noarchnginx-common< 1.18.0-6ubuntu8.2UNKNOWN
Ubuntu21.04noarchlibnginx-mod-http-auth-pam< 1.18.0-6ubuntu8.2UNKNOWN
Ubuntu21.04noarchlibnginx-mod-http-auth-pam-dbgsym< 1.18.0-6ubuntu8.2UNKNOWN
Ubuntu21.04noarchlibnginx-mod-http-cache-purge< 1.18.0-6ubuntu8.2UNKNOWN
Ubuntu21.04noarchlibnginx-mod-http-cache-purge-dbgsym< 1.18.0-6ubuntu8.2UNKNOWN
Ubuntu21.04noarchlibnginx-mod-http-dav-ext< 1.18.0-6ubuntu8.2UNKNOWN
Ubuntu21.04noarchlibnginx-mod-http-dav-ext-dbgsym< 1.18.0-6ubuntu8.2UNKNOWN
Ubuntu21.04noarchlibnginx-mod-http-echo< 1.18.0-6ubuntu8.2UNKNOWN
Ubuntu21.04noarchlibnginx-mod-http-echo-dbgsym< 1.18.0-6ubuntu8.2UNKNOWN
Ubuntu21.04noarchlibnginx-mod-http-fancyindex< 1.18.0-6ubuntu8.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	21.04	noarch	nginx-common	< 1.18.0-6ubuntu8.2	UNKNOWN
Ubuntu	21.04	noarch	libnginx-mod-http-auth-pam	< 1.18.0-6ubuntu8.2	UNKNOWN
Ubuntu	21.04	noarch	libnginx-mod-http-auth-pam-dbgsym	< 1.18.0-6ubuntu8.2	UNKNOWN
Ubuntu	21.04	noarch	libnginx-mod-http-cache-purge	< 1.18.0-6ubuntu8.2	UNKNOWN
Ubuntu	21.04	noarch	libnginx-mod-http-cache-purge-dbgsym	< 1.18.0-6ubuntu8.2	UNKNOWN
Ubuntu	21.04	noarch	libnginx-mod-http-dav-ext	< 1.18.0-6ubuntu8.2	UNKNOWN
Ubuntu	21.04	noarch	libnginx-mod-http-dav-ext-dbgsym	< 1.18.0-6ubuntu8.2	UNKNOWN
Ubuntu	21.04	noarch	libnginx-mod-http-echo	< 1.18.0-6ubuntu8.2	UNKNOWN
Ubuntu	21.04	noarch	libnginx-mod-http-echo-dbgsym	< 1.18.0-6ubuntu8.2	UNKNOWN
Ubuntu	21.04	noarch	libnginx-mod-http-fancyindex	< 1.18.0-6ubuntu8.2	UNKNOWN

Rows per page:

1-10 of 2061

References

ubuntu.com/security/CVE-2021-23017

ibm 7

fedora 2

nessus 41

osv 12

altlinux 1

ubuntucve 1

zdt 2

openvas 18

gentoo 1

packetstorm 2

cloudlinux 2

rocky 3

redhat 10

redos 14

debiancve 1

amazon 1

cvelist 1

veracode 1

githubexploit 3

nginx 1

almalinux 3

broadcom 2

suse 2

oraclelinux 3

cbl_mariner 1

f5 2

debian 2

hackerone 1

redhatcve 1

prion 1

mageia 1

freebsd 1

cve 1

alpinelinux 1

archlinux 2

ubuntu 1

exploitdb 1

photon 8

thn 1

malwarebytes 1

oracle 4

ibm

Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017)

2021-08-25 13:37:28

Security Bulletin: IBM Watson Machine Learning Accelerator is affected by a vulnerability in Nginx

2021-08-31 01:55:01

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

2021-10-01 06:18:54

fedora

[SECURITY] Fedora 34 Update: nginx-1.20.1-2.fc34

2021-06-11 01:15:42

[SECURITY] Fedora 33 Update: nginx-1.20.1-2.fc33

2021-06-11 01:19:56

nessus

openSUSE 15 Security Update : nginx (openSUSE-SU-2021:1815-1)

2021-07-16 00:00:00

nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE

2021-06-03 00:00:00

openSUSE Security Update : nginx (openSUSE-2021-835)

2021-06-04 00:00:00

osv

nginx vulnerability

2021-05-26 13:50:49

nginx - security update

2021-05-30 00:00:00

nginx - security update

2021-05-28 00:00:00

altlinux

Security fix for the ALT Linux 9 package nginx version 1.20.1-alt1

2021-06-23 00:00:00

ubuntucve

CVE-2021-23017

2021-05-25 00:00:00

zdt

nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit

2021-05-27 00:00:00

Nginx 1.20.0 - Denial of Service Exploit

2022-07-11 00:00:00

openvas

openSUSE: Security Advisory for nginx (openSUSE-SU-2021:0835-1)

2021-06-04 00:00:00

openSUSE: Security Advisory for nginx (openSUSE-SU-2021:1815-1)

2021-07-13 00:00:00

Ubuntu: Security Advisory (USN-4967-1)

2021-05-27 00:00:00

gentoo

nginx: Remote code execution

2021-05-26 00:00:00

packetstorm

nginx 1.20.0 DNS Resolver Off-By-One Heap Write

2021-05-26 00:00:00

Nginx 1.20.0 Denial Of Service

2022-07-11 00:00:00

cloudlinux

Fix of CVE: CVE-2021-23017

2021-09-21 22:02:21

Fix of CVE: CVE-2021-23017

2021-09-21 22:02:42

rocky

nginx:1.18 security update

2021-06-07 10:02:53

nginx:1.20 security update

2022-01-31 09:52:06

nginx:1.16 security update

2021-06-08 09:47:28

redhat

(RHSA-2021:2290) Important: nginx:1.16 security update

2021-06-08 09:47:28

(RHSA-2021:2278) Important: rh-nginx116-nginx security update

2021-06-07 17:17:53

(RHSA-2022:0323) Important: nginx:1.20 security update

2022-01-31 09:52:06

redos

ROS-2-600

2021-09-08 00:00:00

ROS-2-528

2021-09-08 00:00:00

ROS-2-711

2021-09-08 00:00:00

debiancve

CVE-2021-23017

2021-06-01 13:15:00

amazon

Important: nginx

2021-06-01 17:58:00

cvelist

CVE-2021-23017

2021-06-01 12:28:09

veracode

Remote Code Execution

2021-05-28 13:25:37

githubexploit

Exploit for Off-by-one Error in F5 Nginx

2022-06-30 04:39:58

Exploit for Off-by-one Error in F5 Nginx

2023-07-20 05:39:01

Exploit for Off-by-one Error in F5 Nginx

2023-10-21 04:24:02

nginx

1-byte memory overwrite in resolver

2021-06-01 13:15:00

almalinux

Important: nginx:1.18 security update

2021-06-07 10:02:53

Important: nginx:1.20 security update

2022-01-31 09:52:06

Important: nginx:1.16 security update

2021-06-08 09:47:28

broadcom

CVE-2021-23017: NGINX Resolver Vulnerability

2022-11-08 00:00:00

CVE-2021-23017: NGINX Resolver Vulnerability

2022-11-08 00:00:00

suse

Security update for nginx (important)

2021-06-04 00:00:00

Security update for nginx (important)

2021-07-11 00:00:00

oraclelinux

nginx:1.16 security update

2021-06-10 00:00:00

nginx:1.20 security update

2022-02-01 00:00:00

nginx:1.18 security update

2021-06-08 00:00:00

cbl_mariner

CVE-2021-23017 affecting package nginx 1.16.1-4

2021-06-14 15:32:58

K12331123 : NGINX Plus and Open Source vulnerability CVE-2021-23017

2021-05-25 00:00:00

K52559937 : Overview of NGINX vulnerabilities (May 2021)

2021-05-25 00:00:00

debian

[SECURITY] [DLA 2670-1] nginx security update

2021-05-30 12:57:15

[SECURITY] [DSA 4921-1] nginx security update

2021-05-28 12:05:27

hackerone

Internet Bug Bounty: 1-byte heap buffer overflow in DNS resolver

2021-05-27 10:32:41

redhatcve

CVE-2021-23017

2021-05-26 08:17:46

prion

Memory corruption

2021-06-01 13:15:00

mageia

Updated nginx package fixes a security vulnerability

2021-06-29 20:31:40

freebsd

NGINX -- 1-byte memory overwrite in resolver

2021-05-25 00:00:00

cve

CVE-2021-23017

2021-06-01 13:15:00

alpinelinux

CVE-2021-23017

2021-06-01 13:15:00

archlinux

[ASA-202106-48] nginx-mainline: arbitrary code execution

2021-06-22 00:00:00

[ASA-202106-36] nginx: arbitrary code execution

2021-06-15 00:00:00

ubuntu

nginx vulnerability

2021-05-27 00:00:00

exploitdb

Nginx 1.20.0 - Denial of Service (DOS)

2022-07-11 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0394

2021-05-27 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0394

2021-05-27 00:00:00

Important Photon OS Security Update - PHSA-2021-0032

2021-05-26 00:00:00

thn

Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking

2022-07-18 05:02:00

malwarebytes

Oracle releases massive Critical Patch Update containing 520 security patches

2022-04-20 14:53:54

oracle

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

8.5 High

AI Score

Confidence

High

0.52 Medium

EPSS

Percentile

97.6%

JSON

Related for USN-4967-1