A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

bugzilla.redhat.com/show_bug.cgi?id=1963121

nvd.nist.gov/vuln/detail/CVE-2021-23017

www.cve.org/CVERecord?id=CVE-2021-23017

fedora 2

ibm 7

altlinux 1

osv 12

packetstorm 2

nessus 40

gentoo 1

ubuntucve 1

cloudlinux 2

rocky 3

zdt 2

oraclelinux 3

ubuntu 2

alpinelinux 1

redhat 10

archlinux 2

debian 2

almalinux 3

amazon 1

debiancve 1

redos 12

broadcom 2

githubexploit 3

nginx 1

veracode 1

suse 2

prion 1

f5 2

hackerone 1

mageia 1

freebsd 1

cve 1

cbl_mariner 1

exploitdb 1

photon 8

thn 1

malwarebytes 1

oracle 4

fedora

[SECURITY] Fedora 34 Update: nginx-1.20.1-2.fc34

2021-06-11 01:15:42

[SECURITY] Fedora 33 Update: nginx-1.20.1-2.fc33

2021-06-11 01:19:56

ibm

Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017)

2021-08-25 13:37:28

Security Bulletin: IBM Watson Machine Learning Accelerator is affected by a vulnerability in Nginx

2021-08-31 01:55:01

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

2021-10-01 06:18:54

altlinux

Security fix for the ALT Linux 9 package nginx version 1.20.1-alt1

2021-06-23 00:00:00

osv

nginx - security update

2021-05-30 00:00:00

nginx vulnerability

2021-05-26 13:50:49

BIT-nginx-2021-23017

2024-03-06 10:59:30

packetstorm

nginx 1.20.0 DNS Resolver Off-By-One Heap Write

2021-05-26 00:00:00

Nginx 1.20.0 Denial Of Service

2022-07-11 00:00:00

nessus

nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE

2021-06-03 00:00:00

openSUSE 15 Security Update : nginx (openSUSE-SU-2021:1815-1)

2021-07-16 00:00:00

Puppet Enterprise < 2019.8.7 / 2021.x < 2021.2 Nginx Vulnerability

2023-11-01 00:00:00

gentoo

nginx: Remote code execution

2021-05-26 00:00:00

ubuntucve

CVE-2021-23017

2021-05-25 00:00:00

cloudlinux

Fix of CVE: CVE-2021-23017

2021-09-21 22:02:21

Fix of CVE: CVE-2021-23017

2021-09-21 22:02:42

rocky

nginx:1.18 security update

2021-06-07 10:02:53

nginx:1.20 security update

2022-01-31 09:52:06

nginx:1.16 security update

2021-06-08 09:47:28

zdt

nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit

2021-05-27 00:00:00

Nginx 1.20.0 - Denial of Service Exploit

2022-07-11 00:00:00

oraclelinux

nginx:1.20 security update

2022-02-01 00:00:00

nginx:1.18 security update

2021-06-08 00:00:00

nginx:1.16 security update

2021-06-10 00:00:00

ubuntu

nginx vulnerability

2021-05-27 00:00:00

nginx vulnerability

2021-05-26 00:00:00

alpinelinux

CVE-2021-23017

2021-06-01 13:15:00

redhat

(RHSA-2021:2258) Important: rh-nginx118-nginx security update

2021-06-07 06:41:51

(RHSA-2021:2290) Important: nginx:1.16 security update

2021-06-08 09:47:28

(RHSA-2021:2278) Important: rh-nginx116-nginx security update

2021-06-07 17:17:53

archlinux

[ASA-202106-48] nginx-mainline: arbitrary code execution

2021-06-22 00:00:00

[ASA-202106-36] nginx: arbitrary code execution

2021-06-15 00:00:00

debian

[SECURITY] [DSA 4921-1] nginx security update

2021-05-28 12:05:07

[SECURITY] [DLA 2670-1] nginx security update

2021-05-30 12:56:20

almalinux

Important: nginx:1.16 security update

2021-06-08 09:47:28

Important: nginx:1.18 security update

2021-06-07 10:02:53

Important: nginx:1.20 security update

2022-01-31 09:52:06

amazon

Important: nginx

2021-06-01 17:58:00

debiancve

CVE-2021-23017

2021-06-01 13:15:00

redos

ROS-2-600

2021-09-08 00:00:00

ROS-2-681

2021-09-08 00:00:00

ROS-2-528

2021-09-08 00:00:00

broadcom

CVE-2021-23017: NGINX Resolver Vulnerability

2022-11-08 00:00:00

CVE-2021-23017: NGINX Resolver Vulnerability

2022-11-08 00:00:00

githubexploit

Exploit for Off-by-one Error in F5 Nginx

2022-06-30 04:39:58

Exploit for Off-by-one Error in F5 Nginx

2023-07-20 05:39:01

Exploit for Off-by-one Error in F5 Nginx

2023-10-21 04:24:02

nginx

1-byte memory overwrite in resolver

2021-06-01 13:15:00

veracode

Remote Code Execution

2021-05-28 13:25:37

suse

Security update for nginx (important)

2021-06-04 00:00:00

Security update for nginx (important)

2021-07-11 00:00:00

prion

Memory corruption

2021-06-01 13:15:00

K12331123 : NGINX Plus and Open Source vulnerability CVE-2021-23017

2021-05-25 00:00:00

K52559937 : Overview of NGINX vulnerabilities (May 2021)

2021-05-25 00:00:00

hackerone

Internet Bug Bounty: 1-byte heap buffer overflow in DNS resolver

2021-05-27 10:32:41

mageia

Updated nginx package fixes a security vulnerability

2021-06-29 20:31:40

freebsd

NGINX -- 1-byte memory overwrite in resolver

2021-05-25 00:00:00

cve

CVE-2021-23017

2021-06-01 13:15:00

cbl_mariner

CVE-2021-23017 affecting package nginx 1.16.1-4

2021-06-14 15:32:58

exploitdb

Nginx 1.20.0 - Denial of Service (DOS)

2022-07-11 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0394

2021-05-27 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0394

2021-05-27 00:00:00

Important Photon OS Security Update - PHSA-2021-0032

2021-05-26 00:00:00

thn

Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking

2022-07-18 05:02:00

malwarebytes

Oracle releases massive Critical Patch Update containing 520 security patches

2022-04-20 14:53:54

oracle

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.582 Medium

EPSS

Percentile

97.7%

JSON

Related for RH:CVE-2021-23017