Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-23017
HistoryMay 25, 2021 - 12:00 a.m.

CVE-2021-23017

2021-05-2500:00:00
ubuntu.com
ubuntu.com
300
cve-2021-23017
nginx
resolver
udp
dns server
memory overwrite
worker process
unix

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS

0.389

Percentile

97.3%

A security issue in nginx resolver was identified, which might allow an
attacker who is able to forge UDP packets from the DNS server to cause
1-byte memory overwrite, resulting in worker process crash or potential
other impact.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchnginx< 1.14.0-0ubuntu1.9UNKNOWN
ubuntu20.04noarchnginx< 1.18.0-0ubuntu1.2UNKNOWN
ubuntu20.10noarchnginx< 1.18.0-6ubuntu2.2UNKNOWN
ubuntu21.04noarchnginx< 1.18.0-6ubuntu8.2UNKNOWN
ubuntu21.10noarchnginx< 1.18.0-6ubuntu9UNKNOWN
ubuntu22.04noarchnginx< 1.18.0-6ubuntu9UNKNOWN
ubuntu14.04noarchnginx< 1.4.6-1ubuntu3.9+esm2UNKNOWN
ubuntu16.04noarchnginx< 1.10.3-0ubuntu0.16.04.5+esm1UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS

0.389

Percentile

97.3%