NVD:CVE-2021-23017 (source: nvd)
History: Jun 01, 2021 - 1:15 p.m.

CVE-2021-23017

2021-06-01 13:15:07
CWE-193
web.nvd.nist.gov
Tags: nginx, resolver, udp, packet forging, memory overwrite, worker process crash, dns server

CVSS2

Score: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Score: 7.7
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS

Score: 0.389
Percentile: 97.3%

A security issue in the nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause a 1-byte memory overwrite, resulting in a worker process crash or potential other impact.

Affected configurations

Nvd
Entries that share a node number are alternatives (OR).

| Node | Vendor | Product | Type | Version |
|------|--------|---------|------|---------|
| 1 | f5 | nginx | Range | 0.6.18 to 1.20.1 |
| 2 | openresty | openresty | Range | <1.19.3.2 |
| 3 | fedoraproject | fedora | Match | 33 |
| 3 | fedoraproject | fedora | Match | 34 |
| 4 | netapp | ontap_select_deploy_administration_utility | Match | - |
| 5 | oracle | blockchain_platform | Range | <21.1.2 |
| 5 | oracle | communications_control_plane_monitor | Match | 3.4 |
| 5 | oracle | communications_control_plane_monitor | Match | 4.2 |
| 5 | oracle | communications_control_plane_monitor | Match | 4.3 |
| 5 | oracle | communications_control_plane_monitor | Match | 4.4 |
| 5 | oracle | communications_fraud_monitor | Range | 3.4 to 4.4 |
| 5 | oracle | communications_operations_monitor | Match | 3.4 |
| 5 | oracle | communications_operations_monitor | Match | 4.2 |
| 5 | oracle | communications_operations_monitor | Match | 4.3 |
| 5 | oracle | communications_operations_monitor | Match | 4.4 |
| 5 | oracle | communications_session_border_controller | Match | 8.4 |
| 5 | oracle | communications_session_border_controller | Match | 9.0 |
| 5 | oracle | enterprise_communications_broker | Match | 3.3.0 |
| 5 | oracle | enterprise_session_border_controller | Match | 8.4 |
| 5 | oracle | enterprise_session_border_controller | Match | 9.0 |
| 5 | oracle | enterprise_telephony_fraud_monitor | Match | 3.4 |
| 5 | oracle | enterprise_telephony_fraud_monitor | Match | 4.2 |
| 5 | oracle | enterprise_telephony_fraud_monitor | Match | 4.3 |
| 5 | oracle | enterprise_telephony_fraud_monitor | Match | 4.4 |
| 5 | oracle | goldengate | Range | <21.4.0.0.0 |
