CVE-2021-3672
CVSS v3.1
5.6 (Medium)
CVSS v2.0
6.8 (Medium)
EPSS
0.18 % (56th)
Affected Products
17
Advisories
44
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2021-11-23 19:15:07
(2 years ago) - Updated Date
-
2024-01-05 10:15:10
(8 months ago)
Affected Products
- Enterprise Linux
- Enterprise Linux Computer Node
- Enterprise Linux Eus
- Enterprise Linux For Ibm Z Systems
- Enterprise Linux For Ibm Z Systems Eus
- Enterprise Linux For Power Little Endian
- Enterprise Linux For Power Little Endian Eus
- Enterprise Linux Server Aus
- Enterprise Linux Server Tus
- Enterprise Linux Server Update Services For Sap Solutions
- Enterprise Linux Tus
- Enterprise Linux Workstation
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Configuration #6
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...