1. Home
  2. Vulnerabilities
  3. CVE-2021-23017

CVE-2021-23017

CVSS v3.1 7.7 (High)
77% Progress
CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 38.95 % (97th)
38.95% Progress
Affected Products 13
Advisories 31
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

Weaknesses
CWE-193
Off-by-one Error
CVE Status
PUBLISHED
CNA
F5 Networks
Published Date
2021-06-01 13:15:07
(3 years ago)
Updated Date
2023-11-07 03:30:29
(10 months ago)

Affected Products

F5

Fedoraproject

Netapp

Openresty

Oracle

Configuration #1

    CPE23 From Up To
  F5 Nginx from 0.6.18 version and prior 1.20.1 version cpe:2.3:a:f5:nginx >= 0.6.18 < 1.20.1

Configuration #2

    CPE23 From Up To
  Openresty prior 1.19.3.2 version cpe:2.3:a:openresty:openresty < 1.19.3.2

Configuration #3

    CPE23 From Up To
  Fedoraproject Fedora 33 cpe:2.3:o:fedoraproject:fedora:33
  Fedoraproject Fedora 34 cpe:2.3:o:fedoraproject:fedora:34

Configuration #4

    CPE23 From Up To
  Netapp Ontap Select Deploy Administration Utility cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-

Configuration #5

    CPE23 From Up To
  Oracle Blockchain Platform prior 21.1.2 version cpe:2.3:a:oracle:blockchain_platform < 21.1.2
  Oracle Communications Control Plane Monitor 3.4 cpe:2.3:a:oracle:communications_control_plane_monitor:3.4
  Oracle Communications Control Plane Monitor 4.2 cpe:2.3:a:oracle:communications_control_plane_monitor:4.2
  Oracle Communications Control Plane Monitor 4.3 cpe:2.3:a:oracle:communications_control_plane_monitor:4.3
  Oracle Communications Control Plane Monitor 4.4 cpe:2.3:a:oracle:communications_control_plane_monitor:4.4
  Oracle Communications Fraud Monitor from 3.4 version and 4.4 and prior versions cpe:2.3:a:oracle:communications_fraud_monitor >= 3.4 <= 4.4
  Oracle Communications Operations Monitor 3.4 cpe:2.3:a:oracle:communications_operations_monitor:3.4
  Oracle Communications Operations Monitor 4.2 cpe:2.3:a:oracle:communications_operations_monitor:4.2
  Oracle Communications Operations Monitor 4.3 cpe:2.3:a:oracle:communications_operations_monitor:4.3
  Oracle Communications Operations Monitor 4.4 cpe:2.3:a:oracle:communications_operations_monitor:4.4
  Oracle Communications Session Border Controller 8.4 cpe:2.3:a:oracle:communications_session_border_controller:8.4
  Oracle Communications Session Border Controller 9.0 cpe:2.3:a:oracle:communications_session_border_controller:9.0
  Oracle Enterprise Communications Broker 3.3.0 cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0
  Oracle Enterprise Session Border Controller 8.4 cpe:2.3:a:oracle:enterprise_session_border_controller:8.4
  Oracle Enterprise Session Border Controller 9.0 cpe:2.3:a:oracle:enterprise_session_border_controller:9.0
  Oracle Enterprise Telephony Fraud Monitor 3.4 cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:3.4
  Oracle Enterprise Telephony Fraud Monitor 4.2 cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.2
  Oracle Enterprise Telephony Fraud Monitor 4.3 cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.3
  Oracle Enterprise Telephony Fraud Monitor 4.4 cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.4
  Oracle Goldengate prior 21.4.0.0.0 version cpe:2.3:a:oracle:goldengate < 21.4.0.0.0