Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2021-3672

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

  • Published: Nov 23, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-3672
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.6
  • AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
c-ares_project / c-ares 1.0.0 1.17.2
fedoraproject / fedora 33 33.x
fedoraproject / fedora 34 34.x
redhat / enterprise_linux 7.0 7.0.x
redhat / enterprise_linux 8.0 8.0.x
redhat / enterprise_linux_eus 7.7 7.7.x
redhat / enterprise_linux 7.7 7.7.x
redhat / enterprise_linux_eus 8.1 8.1.x
redhat / enterprise_linux_eus 8.2 8.2.x
redhat / enterprise_linux_server_tus 8.2 8.2.x
redhat / enterprise_linux_server_aus 8.2 8.2.x
redhat / enterprise_linux_tus 8.4 8.4.x
redhat / enterprise_linux_server_tus 8.4 8.4.x
redhat / enterprise_linux_eus 8.4 8.4.x
redhat / enterprise_linux_server_aus 8.4 8.4.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.2 8.2.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.4 8.4.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.1 8.1.x
redhat / enterprise_linux_for_power_little_endian_eus 8.2 8.2.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.2 8.2.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.1 8.1.x
redhat / enterprise_linux_for_power_little_endian_eus 8.1 8.1.x
redhat / enterprise_linux_for_power_little_endian 8.0 8.0.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.4 8.4.x
redhat / enterprise_linux_for_ibm_z_systems 8.0 8.0.x
redhat / enterprise_linux_for_power_little_endian_eus 8.4 8.4.x
redhat / enterprise_linux_computer_node 1 1.x
redhat / enterprise_linux_workstation 1 1.x
siemens / sinec_infrastructure_network_services - 1.0.1.1
nodejs / node.js 16.0.0 16.6.2
nodejs / node.js 14.0.0 14.14.0.x
nodejs / node.js 12.13.0 12.22.5
nodejs / node.js 12.0.0 12.12.0.x
nodejs / node.js 14.15.0 14.17.5
pgbouncer / pgbouncer - 1.17.0.x