Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-23017

Опубликовано: 01 июн. 2021
Источник: nvd
CVSS3: 7.7
CVSS2: 6.8
EPSS Высокий

Описание

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
Версия от 0.6.18 (включая) до 1.20.1 (исключая)
Конфигурация 2
cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*
Версия до 1.19.3.2 (исключая)
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
Версия до 21.1.2 (исключая)
cpe:2.3:a:oracle:communications_control_plane_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_control_plane_monitor:4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_control_plane_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_control_plane_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_fraud_monitor:*:*:*:*:*:*:*:*
Версия от 3.4 (включая) до 4.4 (включая)
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
Версия до 21.4.0.0.0 (исключая)

EPSS

Процентиль: 99%
0.76458
Высокий

7.7 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-193
CWE-193

Связанные уязвимости

ubuntu логотип

CVE-2021-23017

CVSS3: 7.7
ubuntu
около 4 лет назад

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

redhat логотип

CVE-2021-23017

CVSS3: 8.1
redhat
около 4 лет назад

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

msrc логотип

CVE-2021-23017

CVSS3: 7.7
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-23017

CVSS3: 7.7
debian
около 4 лет назад

A security issue in nginx resolver was identified, which might allow a ...

suse-cvrf логотип

openSUSE-SU-2021:1815-1

suse-cvrf
почти 4 года назад

Security update for nginx

EPSS

Процентиль: 99%
0.76458
Высокий

7.7 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-193
CWE-193