Lucene search
MitreCVELIST:CVE-2021-43523HistoryNov 10, 2021 - 2:03 p.m.
CVE-2021-43523
2021-11-1014:03:56
mitre
www.cve.org
3
uclibc
uclibc-ng
dns servers
domain hijacking
injection
remote code execution
xss
application crashes
validation step
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.
Related
nessus
nessus
CBL Mariner 2.0 Security Update: uclibc-ng (CVE-2021-43523)
2023-03-20 00:00:00
debiancve
debiancve
CVE-2021-43523
2021-11-10 15:15:12
nvd
nvd
CVE-2021-43523
2021-11-10 15:15:12
osv
osv
CVE-2021-43523
2021-11-10 15:15:12
cbl_mariner
cbl_mariner
CVE-2021-43523 affecting package uclibc-ng for versions less than 1.0.37-2
2022-04-09 06:51:44
CVE-2021-43523 affecting package uclibc-ng 1.0.37-2
2021-12-17 20:09:29
ubuntucve
ubuntucve
CVE-2021-43523
2021-11-10 00:00:00
prion
prion
Design/Logic Flaw
2021-11-10 15:15:00
cve
cve
CVE-2021-43523
2021-11-10 15:15:12
ics
ics
βHitachi Energy AFF66x
2023-08-22 12:00:00