CVE-2021-23017

2021-05-26T08:17:46
ID RH:CVE-2021-23017
Type redhatcve
Reporter redhat.com
Modified 2021-06-11T09:49:06

Description

A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.