CVE-2021-23017

🗓️ 01 Jun 2021 12:28:09Reported by f5Type

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 6049 Views

A security issue in nginx resolver may cause 1-byte memory overwrite

Reporter	Title	Published	Views	Family All 301
GithubExploit	Exploit for Off-by-one Error in F5 Nginx	30 Jun 202204:39	–	githubexploit
GithubExploit	Exploit for Off-by-one Error in F5 Nginx	20 Jul 202305:39	–	githubexploit
GithubExploit	Exploit for Off-by-one Error in F5 Nginx	8 Dec 202409:47	–	githubexploit
GithubExploit	Exploit for Off-by-one Error in F5 Nginx	4 Sep 202509:49	–	githubexploit
GithubExploit	Exploit for Off-by-one Error in F5 Nginx	21 Oct 202304:24	–	githubexploit
FreeBSD	NGINX -- 1-byte memory overwrite in resolver	25 May 202100:00	–	freebsd
0day.today	nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit	27 May 202100:00	–	zdt
0day.today	Nginx 1.20.0 - Denial of Service Exploit	11 Jul 202200:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017)	25 Aug 202113:37	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.	11 Apr 202311:47	–	ibm

NVD

Node

f5 nginxRange0.6.18–1.20.1

Node

openresty openrestyRange<1.19.3.2

Node

fedoraproject fedoraMatch33

fedoraproject fedoraMatch34

Node

netapp ontap_select_deploy_administration_utilityMatch-

Node

oracle blockchain_platformRange<21.1.2

oracle communications_control_plane_monitorMatch3.4

oracle communications_control_plane_monitorMatch4.2

oracle communications_control_plane_monitorMatch4.3

oracle communications_control_plane_monitorMatch4.4

oracle communications_fraud_monitorRange3.4–4.4

oracle communications_operations_monitorMatch3.4

oracle communications_operations_monitorMatch4.2

oracle communications_operations_monitorMatch4.3

oracle communications_operations_monitorMatch4.4

oracle communications_session_border_controllerMatch8.4

oracle communications_session_border_controllerMatch9.0

oracle enterprise_communications_brokerMatch3.3.0

oracle enterprise_session_border_controllerMatch8.4

oracle enterprise_session_border_controllerMatch9.0

oracle enterprise_telephony_fraud_monitorMatch3.4

oracle enterprise_telephony_fraud_monitorMatch4.2

oracle enterprise_telephony_fraud_monitorMatch4.3

oracle enterprise_telephony_fraud_monitorMatch4.4

oracle goldengateRange<21.4.0.0.0

[
  {
    "product": "Nginx Web Server, Nginx Plus",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Nginx Web Server versions 0.6.18 thru 1.20.0 before 1.20.1, Nginx plus versions R13 thru R23 before R23 P1. Nginx plus version R24 before R24 P1"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E
mailman	www.mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
packetstormsecurity	www.packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html
security	www.security.netapp.com/advisory/ntap-20210708-0006/
support	www.support.f5.com/csp/article/K12331123%2C
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/
oracle	www.oracle.com/security-alerts/cpujan2022.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/
oracle	www.oracle.com/security-alerts/cpuapr2022.html
lists	www.lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E

21 Nov 2024 05:51Current

6.3Medium risk

Vulners AI Score6.3

CVSS 26.8

CVSS 3.17.7

EPSS0.73544

CWE-193