1-byte memory overwrite might occur during DNS server response
processing if the “resolver” directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server
to cause worker process crash or, potentially, arbitrary code
execution.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchnginx< 1.20.1,2UNKNOWN
FreeBSDanynoarchnginx-devel< 1.21.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	nginx	< 1.20.1,2	UNKNOWN
FreeBSD	any	noarch	nginx-devel	< 1.21.0	UNKNOWN

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017

openvas 18

rocky 3

ubuntucve 1

gentoo 1

nessus 40

osv 12

packetstorm 2

ibm 7

altlinux 1

fedora 2

cloudlinux 2

zdt 2

redos 14

debiancve 1

amazon 1

redhat 10

ubuntu 2

broadcom 2

almalinux 3

nginx 1

githubexploit 3

veracode 1

suse 2

f5 2

debian 2

cbl_mariner 1

mageia 1

oraclelinux 3

prion 1

hackerone 1

cve 1

redhatcve 1

archlinux 2

alpinelinux 1

exploitdb 1

photon 8

thn 1

malwarebytes 1

oracle 4

openvas

SUSE: Security Advisory (SUSE-SU-2021:1814-1)

2021-06-09 00:00:00

Fedora: Security Advisory for nginx (FEDORA-2021-393d698493)

2021-06-17 00:00:00

Ubuntu: Security Advisory (USN-4967-1)

2021-05-27 00:00:00

rocky

nginx:1.18 security update

2021-06-07 10:02:53

nginx:1.16 security update

2021-06-08 09:47:28

nginx:1.20 security update

2022-01-31 09:52:06

ubuntucve

CVE-2021-23017

2021-05-25 00:00:00

gentoo

nginx: Remote code execution

2021-05-26 00:00:00

nessus

nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE

2021-06-03 00:00:00

openSUSE 15 Security Update : nginx (openSUSE-SU-2021:1815-1)

2021-07-16 00:00:00

openSUSE Security Update : nginx (openSUSE-2021-835)

2021-06-04 00:00:00

osv

nginx - security update

2021-05-30 00:00:00

nginx vulnerability

2021-05-26 13:50:49

BIT-nginx-2021-23017

2024-03-06 10:59:30

packetstorm

nginx 1.20.0 DNS Resolver Off-By-One Heap Write

2021-05-26 00:00:00

Nginx 1.20.0 Denial Of Service

2022-07-11 00:00:00

ibm

Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017)

2021-08-25 13:37:28

Security Bulletin: IBM Watson Machine Learning Accelerator is affected by a vulnerability in Nginx

2021-08-31 01:55:01

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

2021-10-01 06:18:54

altlinux

Security fix for the ALT Linux 9 package nginx version 1.20.1-alt1

2021-06-23 00:00:00

fedora

[SECURITY] Fedora 34 Update: nginx-1.20.1-2.fc34

2021-06-11 01:15:42

[SECURITY] Fedora 33 Update: nginx-1.20.1-2.fc33

2021-06-11 01:19:56

cloudlinux

Fix of CVE: CVE-2021-23017

2021-09-21 22:02:21

Fix of CVE: CVE-2021-23017

2021-09-21 22:02:42

zdt

nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit

2021-05-27 00:00:00

Nginx 1.20.0 - Denial of Service Exploit

2022-07-11 00:00:00

redos

ROS-2-600

2021-09-08 00:00:00

ROS-2-528

2021-09-08 00:00:00

ROS-2-711

2021-09-08 00:00:00

debiancve

CVE-2021-23017

2021-06-01 13:15:00

amazon

Important: nginx

2021-06-01 17:58:00

redhat

(RHSA-2021:2290) Important: nginx:1.16 security update

2021-06-08 09:47:28

(RHSA-2021:2278) Important: rh-nginx116-nginx security update

2021-06-07 17:17:53

(RHSA-2021:2259) Important: nginx:1.18 security update

2021-06-07 10:02:53

ubuntu

nginx vulnerability

2021-05-26 00:00:00

nginx vulnerability

2021-05-27 00:00:00

broadcom

CVE-2021-23017: NGINX Resolver Vulnerability

2022-11-08 00:00:00

CVE-2021-23017: NGINX Resolver Vulnerability

2022-11-08 00:00:00

almalinux

Important: nginx:1.18 security update

2021-06-07 10:02:53

Important: nginx:1.20 security update

2022-01-31 09:52:06

Important: nginx:1.16 security update

2021-06-08 09:47:28

nginx

1-byte memory overwrite in resolver

2021-06-01 13:15:00

githubexploit

Exploit for Off-by-one Error in F5 Nginx

2023-07-20 05:39:01

Exploit for Off-by-one Error in F5 Nginx

2023-10-21 04:24:02

Exploit for Off-by-one Error in F5 Nginx

2022-06-30 04:39:58

veracode

Remote Code Execution

2021-05-28 13:25:37

suse

Security update for nginx (important)

2021-07-11 00:00:00

Security update for nginx (important)

2021-06-04 00:00:00

K12331123 : NGINX Plus and Open Source vulnerability CVE-2021-23017

2021-05-25 00:00:00

K52559937 : Overview of NGINX vulnerabilities (May 2021)

2021-05-25 00:00:00

debian

[SECURITY] [DLA 2670-1] nginx security update

2021-05-30 12:56:20

[SECURITY] [DSA 4921-1] nginx security update

2021-05-28 12:05:07

cbl_mariner

CVE-2021-23017 affecting package nginx 1.16.1-4

2021-06-14 15:32:58

mageia

Updated nginx package fixes a security vulnerability

2021-06-29 20:31:40

oraclelinux

nginx:1.16 security update

2021-06-10 00:00:00

nginx:1.20 security update

2022-02-01 00:00:00

nginx:1.18 security update

2021-06-08 00:00:00

prion

Memory corruption

2021-06-01 13:15:00

hackerone

Internet Bug Bounty: 1-byte heap buffer overflow in DNS resolver

2021-05-27 10:32:41

cve

CVE-2021-23017

2021-06-01 13:15:00

redhatcve

CVE-2021-23017

2021-05-26 08:17:46

archlinux

[ASA-202106-36] nginx: arbitrary code execution

2021-06-15 00:00:00

[ASA-202106-48] nginx-mainline: arbitrary code execution

2021-06-22 00:00:00

alpinelinux

CVE-2021-23017

2021-06-01 13:15:00

exploitdb

Nginx 1.20.0 - Denial of Service (DOS)

2022-07-11 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0394

2021-05-27 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0394

2021-05-27 00:00:00

Important Photon OS Security Update - PHSA-2021-0032

2021-05-26 00:00:00

thn

Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking

2022-07-18 05:02:00

malwarebytes

Oracle releases massive Critical Patch Update containing 520 security patches

2022-04-20 14:53:54

oracle

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.582 Medium

EPSS

Percentile

97.7%

JSON

Related for 0882F019-BD60-11EB-9BDD-8C164567CA3C