[NGINX:CVE-2021-23017] 1-byte memory overwrite in resolver
Severity
Medium
Affected Packages
1
Unaffected Packages
2
CVEs
1
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
| Package | Affected Version |
|---|---|
 pkg:nginx/nginx
|
>= 0.6.18, <= 1.20.0 |
| Package | Unaffected Version |
|---|---|
|
pkg:nginx/nginx
|
>= 1.21.0 |
|
pkg:nginx/nginx
|
>= 1.20.1 |
- ID
- NGINX:CVE-2021-23017
- Severity
- medium
- Published
-
2021-06-01T13:15:07
(3 years ago) - Modified
-
2021-06-01T13:15:07
(3 years ago) - Rights
- NGINX Security Team
- Other Advisories
-
-
ALAS-2021-1507
-
ALPINE:CVE-2021-23017
-
ALSA-2021:2259
-
ALSA-2021:2290
-
ALSA-2022:0323
-
ASA-202106-36
-
ASA-202106-48
-
DSA-4921-1
-
ELSA-2021-2259
-
ELSA-2021-2290
-
ELSA-2022-0323
-
FEDORA-2021-393d698493
-
FEDORA-2021-b37cffac0d
-
FREEBSD:0882F019-BD60-11EB-9BDD-8C164567CA3C
-
GLSA-202105-38
-
MS:CVE-2021-23017
-
openSUSE-SU-2021:0835-1
-
openSUSE-SU-2021:1815-1
-
RHSA-2021:2259
-
RHSA-2021:2290
-
RHSA-2022:0323
-
RLSA-2021:2259
-
RLSA-2021:2290
-
RLSA-2022:0323
-
SUSE-SU-2021:1792-1
-
SUSE-SU-2021:1814-1
-
SUSE-SU-2021:1815-1
-
SUSE-SU-2021:1839-1
-
USN-4967-1
-
USN-4967-2
-
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |