CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

Published: Jun 1, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-23017
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.7
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-193

Affected Software
References

Software	From	Fixed in
f5 / nginx	0.6.18	1.20.1
openresty / openresty	-	1.19.3.2
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
oracle / communications_operations_monitor	3.4	3.4.x
oracle / enterprise_session_border_controller	8.4	8.4.x
oracle / communications_operations_monitor	4.2	4.2.x
oracle / communications_operations_monitor	4.3	4.3.x
oracle / communications_session_border_controller	8.4	8.4.x
oracle / enterprise_session_border_controller	9.0	9.0.x
oracle / communications_session_border_controller	9.0	9.0.x
oracle / enterprise_communications_broker	3.3.0	3.3.0.x
oracle / enterprise_telephony_fraud_monitor	4.2	4.2.x
oracle / enterprise_telephony_fraud_monitor	4.3	4.3.x
oracle / enterprise_telephony_fraud_monitor	4.4	4.4.x
oracle / enterprise_telephony_fraud_monitor	3.4	3.4.x
oracle / communications_operations_monitor	4.4	4.4.x
oracle / communications_fraud_monitor	3.4	4.4.x
oracle / communications_control_plane_monitor	4.2	4.2.x
oracle / communications_control_plane_monitor	4.3	4.3.x
oracle / communications_control_plane_monitor	4.4	4.4.x
oracle / communications_control_plane_monitor	3.4	3.4.x
oracle / goldengate	-	21.4.0.0.0
oracle / blockchain_platform	-	21.1.2

Vulnerability Database

300,445

CVE-2021-23017

Deep Security Visibility Without the Complexity