[NGINX:CVE-2021-23017] 1-byte memory overwrite in resolver
Severity
Medium
Affected Packages
1
Unaffected Packages
2
CVEs
1
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Package | Affected Version |
---|---|
pkg:nginx/nginx | >= 0.6.18, <= 1.20.0 |
Package | Unaffected Version |
---|---|
pkg:nginx/nginx | >= 1.21.0 |
pkg:nginx/nginx | >= 1.20.1 |
- ID
- NGINX:CVE-2021-23017
- Severity
- medium
- Published
-
2021-06-01T13:15:07
(3 years ago) - Modified
-
2021-06-01T13:15:07
(3 years ago) - Rights
- NGINX Security Team
- Other Advisories
-
- ALAS-2021-1507
- ALPINE:CVE-2021-23017
- ALSA-2021:2259
- ALSA-2021:2290
- ALSA-2022:0323
- ASA-202106-36
- ASA-202106-48
- DSA-4921-1
- ELSA-2021-2259
- ELSA-2021-2290
- ELSA-2022-0323
- FEDORA-2021-393d698493
- FEDORA-2021-b37cffac0d
- FREEBSD:0882F019-BD60-11EB-9BDD-8C164567CA3C
- GLSA-202105-38
- MS:CVE-2021-23017
- openSUSE-SU-2021:0835-1
- openSUSE-SU-2021:1815-1
- RHSA-2021:2259
- RHSA-2021:2290
- RHSA-2022:0323
- RLSA-2021:2259
- RLSA-2021:2290
- RLSA-2022:0323
- SUSE-SU-2021:1792-1
- SUSE-SU-2021:1814-1
- SUSE-SU-2021:1815-1
- SUSE-SU-2021:1839-1
- USN-4967-1
- USN-4967-2
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |