ID

VAR-202106-1921


CVE

CVE-2021-23017


TITLE

nginx  Vulnerability in determining boundary conditions in resolver

Trust: 0.8

sources: JVNDB: JVNDB-2021-007625

DESCRIPTION

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. A security flaw in nginx stems from a bug that could allow a remote attacker to execute arbitrary code on a target system. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network malicious user to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-23017). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-nginx116-nginx security update Advisory ID: RHSA-2021:2278-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2278 Issue date: 2021-06-07 CVE Names: CVE-2021-23017 ==================================================================== 1. Summary: An update for rh-nginx116-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The rh-nginx116-nginx service must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx116-nginx-1.16.1-6.el7.src.rpm ppc64le: rh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm s390x: rh-nginx116-nginx-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm x86_64: rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nginx116-nginx-1.16.1-6.el7.src.rpm ppc64le: rh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm s390x: rh-nginx116-nginx-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm x86_64: rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx116-nginx-1.16.1-6.el7.src.rpm x86_64: rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYL5eOtzjgjWX9erEAQgQEQ//T7Jz+AN/TKTzw7RA57QI4rVdLkv2hJHC 1cW6/iFbgfYF10HldhRJKBkGpBTPzb4yzt3y4oRDa35GTLw6zXZquosSaC9RXLq+ RKxU93XKaw1K/qAYqq3q9ZemMpL+ce3mXeaEoK8oQQtbdbYO53eqCQBRIdR0ucFE WFJBFrpVXKKKSb6qbvDUWJCIQLlF9YBPjt3RpgSwPXVOu/74Oe6/AutYmpjgKyt1 BIsZ7V2SliQNIBtgmAHq+dzBIuPpPCRtS6zCML/eIs3ZIUU80jbX9guyb1euN2L/ FlrAFUvSpp0Z72LM33qle6D0Zbe6yCxOxi5QjEIUcP735Z8hYxNWs8H+5HDGq3gl pKLGWLUJG0N0kfoK6RHKuDzPuNmAGm5KwNYu0xO+mdMbgj+rzr4lhe5Dz3+qh7o0 DiImaFoHvbilJvUbjUmvTvwL4DMZvk2oKUI6MDxlNp/TyDdwMraZDVhyOpc0frGU hHlLMr4k+gvTQnjlaf+cilYPHfTTRL7/kdPpjWLCcdZ0v68FC5MHcG/pqpRQUFKO xCNEMLixyH/gY8Ymm+047U2i2TITRb1X5rI+nWHBuEWexgie7cNSzfB++WJYIC07 R2tSuGLQP/eZQpSoHZavZ3KJVMKOsH/foI1DYbFn7gyqtP8wqQAhI4klXFYGeXqa O23scR4nPsc\xdc6n -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security fixes: * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * helm: information disclosure vulnerability (CVE-2021-32690) Bug fixes: * KUBE-API: Support move agent to different cluster in the same namespace (BZ# 1977358) * Add columns to the Agent CRD list (BZ# 1977398) * ClusterDeployment controller watches all Secrets from all namespaces (BZ# 1986081) * RHACM 2.3.3 images (BZ# 1999365) * Workaround for Network Manager not supporting nmconnections priority (BZ# 2001294) * create cluster page empty in Safary Browser (BZ# 2002280) * Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object (BZ# 2002667) * Overview page displays VMware based managed cluster as other (BZ# 2004188) 3. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace 1977398 - [4.8.0] [master] Add columns to the Agent CRD list 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces 1999365 - RHACM 2.3.3 images 2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority 2002280 - create cluster page empty in Safary Browser 2002667 - Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object 2004188 - Overview page displays VMware based managed cluster as other 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. Container updates: * RHACM 2.1.11 images (BZ# 1999375) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. The following packages have been upgraded to a later upstream version: nginx (1.20.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4921-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2021-23017 Debian Bug : 989095 Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u4. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8 TjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND wWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS u1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk N5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh iQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV 8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17 ueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW 4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u 8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4 CFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf lhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4= =qxQw -----END PGP SIGNATURE-----

Trust: 2.61

sources: NVD: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // PACKETSTORM: 162992 // PACKETSTORM: 163003 // PACKETSTORM: 163013 // PACKETSTORM: 164523 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:f5model:nginxscope:ltversion:1.20.1

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:enterprise session border controllerscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:3.4

Trust: 1.0

vendor:oraclemodel:goldengatescope:ltversion:21.4.0.0.0

Trust: 1.0

vendor:oraclemodel:communications fraud monitorscope:lteversion:4.4

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:4.3

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:4.4

Trust: 1.0

vendor:oraclemodel:enterprise telephony fraud monitorscope:eqversion:3.4

Trust: 1.0

vendor:oraclemodel:communications fraud monitorscope:gteversion:3.4

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:4.2

Trust: 1.0

vendor:oraclemodel:enterprise telephony fraud monitorscope:eqversion:4.4

Trust: 1.0

vendor:oraclemodel:enterprise communications brokerscope:eqversion:3.3.0

Trust: 1.0

vendor:oraclemodel:enterprise telephony fraud monitorscope:eqversion:4.3

Trust: 1.0

vendor:oraclemodel:enterprise telephony fraud monitorscope:eqversion:4.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:oraclemodel:communications control plane monitorscope:eqversion:4.4

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:8.4

Trust: 1.0

vendor:oraclemodel:communications control plane monitorscope:eqversion:3.4

Trust: 1.0

vendor:oraclemodel:communications control plane monitorscope:eqversion:4.3

Trust: 1.0

vendor:openrestymodel:openrestyscope:ltversion:1.19.3.2

Trust: 1.0

vendor:oraclemodel:blockchain platformscope:ltversion:21.1.2

Trust: 1.0

vendor:oraclemodel:communications control plane monitorscope:eqversion:4.2

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.6.18

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:enterprise session border controllerscope:eqversion:8.4

Trust: 1.0

vendor:オラクルmodel:oracle communications operations monitorscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle enterprise telephony fraud monitorscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications control plane monitorscope: - version: -

Trust: 0.8

vendor:f5model:nginxscope: - version: -

Trust: 0.8

vendor:netappmodel:ontap select deploy administration utilityscope: - version: -

Trust: 0.8

vendor:openrestymodel:openrestyscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications fraud monitorscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23017
value: HIGH

Trust: 1.0

NVD: CVE-2021-23017
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202105-1581
value: HIGH

Trust: 0.6

VULHUB: VHN-381503
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-23017
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-23017
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-381503
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-23017
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-23017
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // CNNVD: CNNVD-202105-1581 // NVD: CVE-2021-23017

PROBLEMTYPE DATA

problemtype:CWE-193

Trust: 1.1

problemtype:Boundary condition judgment (CWE-193) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-381503 // JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1581

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-1581

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-381503

PATCH

title:Oracle Critical Patch Update Advisory - October 2021 Oracle Critical Patch Updateurl:https://support.f5.com/csp/article/K12331123

Trust: 0.8

title:Nginx Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154683

Trust: 0.6

title:Red Hat: Important: nginx:1.20 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220323 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: nginx: CVE-2021-23017: DNS Resolver off-by-one heap write vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0339ada74619d10f752ff8ffaeb08207

Trust: 0.1

title:Debian Security Advisories: DSA-4921-1 nginx -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d6e7f162f0da2ae62b9b588e4f3e995a

Trust: 0.1

title:Amazon Linux AMI: ALAS-2021-1507url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1507

Trust: 0.1

title:Red Hat: CVE-2021-23017url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-23017

Trust: 0.1

title:Amazon Linux 2: ALASNGINX1-2023-003url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASNGINX1-2023-003

Trust: 0.1

title:Arch Linux Advisories: [ASA-202106-36] nginx: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-36

Trust: 0.1

title:Arch Linux Advisories: [ASA-202106-48] nginx-mainline: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-48

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-23017 log

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/Logeswark/helmpackage

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/carayev/kubernetes-nginx-ingress

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/Hopecount123/ingress-controller-update

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/Aswinisurya99/ingress-ngininx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/StuartDickenson/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/rohankumardubey/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/ryanarabety/ingress-nginx-Kubernetes

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/doudou147/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/kartikeyaexpd/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/shaundaley39/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/shoebece/nginx-ingress

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/adityamillind98/ngins

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/maksonlee/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/caojian12345/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/msyhu/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/gmk-git/Kubernetes-Ingress

Trust: 0.1

title:CVE-2021-23017url:https://github.com/ShivamDey/CVE-2021-23017

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/MrE-Fog/ingress-nginxx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/luyuehm/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/lemonhope-mz/replica_kubernetes-nginx

Trust: 0.1

title:CVE-2021-23017-PoCurl:https://github.com/M507/CVE-2021-23017-PoC

Trust: 0.1

title:CVE-2021-23017-PoCurl:https://github.com/lakshit1212/CVE-2021-23017-PoC

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/zlz4642/ingress-nginx

Trust: 0.1

title:https://github.com/M507/M507url:https://github.com/M507/M507

Trust: 0.1

title:Polysphere Temp Blogurl:https://github.com/eggkingo/polyblog

Trust: 0.1

title:DC:4 Vulnhub Walkthroughurl:https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough

Trust: 0.1

title:https://github.com/teresaweber685/book_listurl:https://github.com/teresaweber685/book_list

Trust: 0.1

title:Mode Switching Frameworkurl:https://github.com/rmtec/modeswitcher

Trust: 0.1

title:https://github.com/bollwarm/SecToolSeturl:https://github.com/bollwarm/SecToolSet

Trust: 0.1

title:PoC in GitHuburl:https://github.com/soosmile/POC

Trust: 0.1

title:PoC in GitHuburl:https://github.com/manas3c/CVE-POC

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-labs/awesome-security

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2022/07/15/cisa_critical_juniper_bugs/

Trust: 0.1

sources: VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // CNNVD: CNNVD-202105-1581

EXTERNAL IDS

db:NVDid:CVE-2021-23017

Trust: 4.3

db:PACKETSTORMid:167720

Trust: 1.8

db:PACKETSTORMid:163013

Trust: 0.8

db:PACKETSTORMid:165782

Trust: 0.8

db:PACKETSTORMid:163003

Trust: 0.8

db:PACKETSTORMid:164948

Trust: 0.8

db:JVNDBid:JVNDB-2021-007625

Trust: 0.8

db:PACKETSTORMid:162830

Trust: 0.7

db:PACKETSTORMid:162835

Trust: 0.7

db:PACKETSTORMid:162851

Trust: 0.7

db:EXPLOIT-DBid:50973

Trust: 0.7

db:PACKETSTORMid:164523

Trust: 0.7

db:PACKETSTORMid:164562

Trust: 0.7

db:PACKETSTORMid:164282

Trust: 0.7

db:CS-HELPid:SB2021052543

Trust: 0.6

db:CS-HELPid:SB2022041931

Trust: 0.6

db:CS-HELPid:SB2021092811

Trust: 0.6

db:CS-HELPid:SB2022071833

Trust: 0.6

db:CS-HELPid:SB2021052901

Trust: 0.6

db:CS-HELPid:SB2021060212

Trust: 0.6

db:CS-HELPid:SB2021100722

Trust: 0.6

db:CS-HELPid:SB2022012302

Trust: 0.6

db:CS-HELPid:SB2021052713

Trust: 0.6

db:CS-HELPid:SB2021060719

Trust: 0.6

db:CS-HELPid:SB2021060948

Trust: 0.6

db:CS-HELPid:SB2021061520

Trust: 0.6

db:CS-HELPid:SB2022012747

Trust: 0.6

db:CS-HELPid:SB2021062209

Trust: 0.6

db:AUSCERTid:ESB-2021.3878

Trust: 0.6

db:AUSCERTid:ESB-2021.1850

Trust: 0.6

db:AUSCERTid:ESB-2021.3485

Trust: 0.6

db:AUSCERTid:ESB-2021.1936

Trust: 0.6

db:AUSCERTid:ESB-2021.1802

Trust: 0.6

db:AUSCERTid:ESB-2021.3211

Trust: 0.6

db:AUSCERTid:ESB-2021.3430

Trust: 0.6

db:AUSCERTid:ESB-2021.1861

Trust: 0.6

db:AUSCERTid:ESB-2021.1817

Trust: 0.6

db:AUSCERTid:ESB-2021.2027

Trust: 0.6

db:AUSCERTid:ESB-2021.1973

Trust: 0.6

db:CXSECURITYid:WLB-2022070032

Trust: 0.6

db:CNNVDid:CNNVD-202105-1581

Trust: 0.6

db:PACKETSTORMid:162992

Trust: 0.2

db:PACKETSTORMid:162986

Trust: 0.1

db:PACKETSTORMid:162819

Trust: 0.1

db:VULHUBid:VHN-381503

Trust: 0.1

db:VULMONid:CVE-2021-23017

Trust: 0.1

db:PACKETSTORMid:169062

Trust: 0.1

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // PACKETSTORM: 162992 // PACKETSTORM: 163003 // PACKETSTORM: 163013 // PACKETSTORM: 164523 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062 // CNNVD: CNNVD-202105-1581 // NVD: CVE-2021-23017

REFERENCES

url:http://packetstormsecurity.com/files/167720/nginx-1.20.0-denial-of-service.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.4

url:https://security.netapp.com/advisory/ntap-20210708-0006/

Trust: 1.8

url:http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-23017

Trust: 1.7

url:https://support.f5.com/csp/article/k12331123%2c

Trust: 1.1

url:https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2021-23017

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/

Trust: 0.7

url:https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3cnotifications.apisix.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3cnotifications.apisix.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3cnotifications.apisix.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3cnotifications.apisix.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3cnotifications.apisix.apache.org%3e

Trust: 0.7

url:https://support.f5.com/csp/article/k12331123

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052713

Trust: 0.6

url:https://packetstormsecurity.com/files/163003/red-hat-security-advisory-2021-2278-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/nginx-buffer-overflow-via-dns-server-response-35526

Trust: 0.6

url:https://packetstormsecurity.com/files/164282/red-hat-security-advisory-2021-3653-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6492205

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041931

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1802

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/

Trust: 0.6

url:https://packetstormsecurity.com/files/162851/ubuntu-security-notice-usn-4967-2.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060719

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3211

Trust: 0.6

url:https://packetstormsecurity.com/files/164523/red-hat-security-advisory-2021-3873-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021100722

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3430

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022070032

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2027

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1850

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6483657

Trust: 0.6

url:https://packetstormsecurity.com/files/162835/gentoo-linux-security-advisory-202105-38.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052901

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071833

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052543

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060948

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1817

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3878

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062209

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1973

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1936

Trust: 0.6

url:https://www.exploit-db.com/exploits/50973

Trust: 0.6

url:https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012302

Trust: 0.6

url:https://packetstormsecurity.com/files/163013/red-hat-security-advisory-2021-2290-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092811

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3485

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061520

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1861

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6525030

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012747

Trust: 0.6

url:https://packetstormsecurity.com/files/162830/nginx-1.20.0-dns-resolver-off-by-one-heap-write.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165782/red-hat-security-advisory-2022-0323-02.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060212

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22922

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22924

Trust: 0.4

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-36222

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22923

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-32626

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32687

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32626

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32675

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3653

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-37750

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32675

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-41099

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3653

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32627

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32687

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32628

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32672

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32627

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32672

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32628

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2022:0323

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41099

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3656

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32690

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32690

Trust: 0.2

url:https://support.f5.com/csp/article/k12331123,

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/193.html

Trust: 0.1

url:https://github.com/logeswark/helmpackage

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/gmk-git/kubernetes-ingress

Trust: 0.1

url:https://www.debian.org/security/2021/dsa-4921

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2021-1507.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2259

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2278

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2290

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23434

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3873

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25741

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25741

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31535

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3653

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32399

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29650

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29650

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22555

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22555

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33930

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3711

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32804

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3711

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/nginx

Trust: 0.1

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // PACKETSTORM: 162992 // PACKETSTORM: 163003 // PACKETSTORM: 163013 // PACKETSTORM: 164523 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062 // CNNVD: CNNVD-202105-1581 // NVD: CVE-2021-23017

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 162992 // PACKETSTORM: 163003 // PACKETSTORM: 163013 // PACKETSTORM: 164523 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782

SOURCES

db:VULHUBid:VHN-381503
db:VULMONid:CVE-2021-23017
db:JVNDBid:JVNDB-2021-007625
db:PACKETSTORMid:162992
db:PACKETSTORMid:163003
db:PACKETSTORMid:163013
db:PACKETSTORMid:164523
db:PACKETSTORMid:164562
db:PACKETSTORMid:164282
db:PACKETSTORMid:164948
db:PACKETSTORMid:165782
db:PACKETSTORMid:169062
db:CNNVDid:CNNVD-202105-1581
db:NVDid:CVE-2021-23017

LAST UPDATE DATE

2024-11-07T21:32:17.126000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-381503date:2022-09-14T00:00:00
db:VULMONid:CVE-2021-23017date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2021-007625date:2022-02-18T01:21:00
db:CNNVDid:CNNVD-202105-1581date:2022-09-15T00:00:00
db:NVDid:CVE-2021-23017date:2023-11-07T03:30:29.880

SOURCES RELEASE DATE

db:VULHUBid:VHN-381503date:2021-06-01T00:00:00
db:VULMONid:CVE-2021-23017date:2021-06-01T00:00:00
db:JVNDBid:JVNDB-2021-007625date:2022-02-18T00:00:00
db:PACKETSTORMid:162992date:2021-06-07T13:50:43
db:PACKETSTORMid:163003date:2021-06-07T20:59:09
db:PACKETSTORMid:163013date:2021-06-08T14:13:55
db:PACKETSTORMid:164523date:2021-10-15T15:06:44
db:PACKETSTORMid:164562date:2021-10-20T15:45:47
db:PACKETSTORMid:164282date:2021-09-24T15:49:04
db:PACKETSTORMid:164948date:2021-11-12T17:01:04
db:PACKETSTORMid:165782date:2022-01-31T16:24:54
db:PACKETSTORMid:169062date:2021-05-28T19:12:00
db:CNNVDid:CNNVD-202105-1581date:2021-05-25T00:00:00
db:NVDid:CVE-2021-23017date:2021-06-01T13:15:07.853