Details of VAR-202106-1921

ID

VAR-202106-1921

CVE

CVE-2021-23017

TITLE

nginx Vulnerability in determining boundary conditions in resolver

Trust: 0.8

sources: JVNDB: JVNDB-2021-007625

DESCRIPTION

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network malicious user to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-23017). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-38 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: nginx: Remote code execution Date: May 26, 2021 Bugs: #792087 ID: 202105-38 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in nginx could lead to remote code execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/nginx < 1.21.0 >= 1.20.1:0 >= 1.21.0:mainline Description =========== It was discovered that nginx did not properly handle DNS responses when "resolver" directive is used. Workaround ========== There is no known workaround at this time. Resolution ========== All nginx users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.20.1" All nginx mainline users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-servers/nginx-1.21.0:mainline" References ========== [ 1 ] CVE-2021-23017 https://nvd.nist.gov/vuln/detail/CVE-2021-23017 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202105-38 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4967-2 May 27, 2021 nginx vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: nginx could be made to crash or run programs if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: nginx 1.10.3-0ubuntu0.16.04.5+esm1 nginx-common 1.10.3-0ubuntu0.16.04.5+esm1 nginx-core 1.10.3-0ubuntu0.16.04.5+esm1 nginx-extras 1.10.3-0ubuntu0.16.04.5+esm1 nginx-full 1.10.3-0ubuntu0.16.04.5+esm1 nginx-light 1.10.3-0ubuntu0.16.04.5+esm1 Ubuntu 14.04 ESM: nginx 1.4.6-1ubuntu3.9+esm2 nginx-common 1.4.6-1ubuntu3.9+esm2 nginx-core 1.4.6-1ubuntu3.9+esm2 nginx-extras 1.4.6-1ubuntu3.9+esm2 nginx-full 1.4.6-1ubuntu3.9+esm2 nginx-light 1.4.6-1ubuntu3.9+esm2 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-nginx118-nginx security update Advisory ID: RHSA-2021:2258-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2258 Issue date: 2021-06-07 CVE Names: CVE-2021-23017 ===================================================================== 1. Summary: An update for rh-nginx118-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The rh-nginx118-nginx service must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYL3MN9zjgjWX9erEAQjMKA//YaSwGZ/DmvwILuYqYNbIGKvcatycisD6 RrS+A7J9QqTEKqC8mZQ/OvfS5TukanQ/jzTNfRuGuO7booPRlhqVxZVLrSgQNaVD 1FV/cQqXhS/FwmrM8wnWdLpsFUXRXsTqiOoUnymzZbSh1VDjB8VZZLjWc7Wnueqy clLQnYtwMT5axzXRJl/JiXs+yJBmzv5igSFMoGXEKDx6DTrWGtZENE1rpumPAjb6 Y3aDzDZYu4Bl9V1FCUOtksWnmP0Xl/kvSL31aUkyYbyi9i0DpQswmdBH4Bl5ulw2 skkKH69ixA1wu+2D128toUy2ZR/MjX88sH3bCahhY1G4ajp0Vl3/p/kM7VVR5uRi KTVNK8FueNIvp8fMp8oYKhZW9It5DzlMa0Q1QcFfsutgf+932up8qJ9o0mQ9AbVK fBYb8F0hYMDI8udy+npgUM0WwwiBQAqzcHmbnYIRt6IK5f/dUOqucugiJFsbyTl2 pIcJty1208RbrDE/ctTcKuyVbHH9pPOHql5rFlJLAh7yYdHWh6J1QhmdA1RNm51h MEgO5OOVUjrV2mye1c8o7EkTzvuhu2RWQ7WyQc6C81ZlcUcjfNnq73vJ9HBNtNT5 hsiDG/UdvY/thIQmqzSFI3z8ALFKPRUcJ91v/fZNRpBTxcsluN91X7XrHIQDNOs9 jVrMgzAG88I= =av6T -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security fixes: * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * helm: information disclosure vulnerability (CVE-2021-32690) Bug fixes: * KUBE-API: Support move agent to different cluster in the same namespace (BZ# 1977358) * Add columns to the Agent CRD list (BZ# 1977398) * ClusterDeployment controller watches all Secrets from all namespaces (BZ# 1986081) * RHACM 2.3.3 images (BZ# 1999365) * Workaround for Network Manager not supporting nmconnections priority (BZ# 2001294) * create cluster page empty in Safary Browser (BZ# 2002280) * Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object (BZ# 2002667) * Overview page displays VMware based managed cluster as other (BZ# 2004188) 3. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace 1977398 - [4.8.0] [master] Add columns to the Agent CRD list 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces 1999365 - RHACM 2.3.3 images 2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority 2002280 - create cluster page empty in Safary Browser 2002667 - Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object 2004188 - Overview page displays VMware based managed cluster as other 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. Container updates: * RHACM 2.1.11 images (BZ# 1999375) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. The following packages have been upgraded to a later upstream version: nginx (1.20.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4921-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2021-23017 Debian Bug : 989095 Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u4. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8 TjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND wWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS u1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk N5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh iQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV 8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17 ueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW 4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u 8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4 CFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf lhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4= =qxQw -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // PACKETSTORM: 162819 // PACKETSTORM: 162835 // PACKETSTORM: 162851 // PACKETSTORM: 162986 // PACKETSTORM: 163013 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062

AFFECTED PRODUCTS

vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	1.20.1	Trust: 1.0
vendor:	netapp	model:	ontap select deploy administration utility	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	enterprise session border controller	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	3.4	Trust: 1.0
vendor:	oracle	model:	goldengate	scope:	lt	version:	21.4.0.0.0	Trust: 1.0
vendor:	oracle	model:	communications fraud monitor	scope:	lte	version:	4.4	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	4.3	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	4.4	Trust: 1.0
vendor:	oracle	model:	enterprise telephony fraud monitor	scope:	eq	version:	3.4	Trust: 1.0
vendor:	oracle	model:	communications fraud monitor	scope:	gte	version:	3.4	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	4.2	Trust: 1.0
vendor:	oracle	model:	enterprise telephony fraud monitor	scope:	eq	version:	4.4	Trust: 1.0
vendor:	oracle	model:	enterprise communications broker	scope:	eq	version:	3.3.0	Trust: 1.0
vendor:	oracle	model:	enterprise telephony fraud monitor	scope:	eq	version:	4.3	Trust: 1.0
vendor:	oracle	model:	enterprise telephony fraud monitor	scope:	eq	version:	4.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	oracle	model:	communications control plane monitor	scope:	eq	version:	4.4	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	8.4	Trust: 1.0
vendor:	oracle	model:	communications control plane monitor	scope:	eq	version:	3.4	Trust: 1.0
vendor:	oracle	model:	communications control plane monitor	scope:	eq	version:	4.3	Trust: 1.0
vendor:	openresty	model:	openresty	scope:	lt	version:	1.19.3.2	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	lt	version:	21.1.2	Trust: 1.0
vendor:	oracle	model:	communications control plane monitor	scope:	eq	version:	4.2	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	0.6.18	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	enterprise session border controller	scope:	eq	version:	8.4	Trust: 1.0
vendor:	オラクル	model:	oracle communications operations monitor	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle enterprise telephony fraud monitor	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications control plane monitor	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	nginx	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	ontap select deploy administration utility	scope:	-	version:	-	Trust: 0.8
vendor:	openresty	model:	openresty	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications fraud monitor	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-23017
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-23017
value:	CRITICAL
Trust: 0.8
VULHUB:	VHN-381503
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-23017
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-23017
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-381503
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-23017
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.2
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-23017
baseSeverity:	CRITICAL
baseScore:	9.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

PROBLEMTYPE DATA

problemtype:	CWE-193	Trust: 1.1
problemtype:	Boundary condition judgment (CWE-193) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-381503 // JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

THREAT TYPE

remote

Trust: 0.3

sources: PACKETSTORM: 162819 // PACKETSTORM: 162835 // PACKETSTORM: 162851

TYPE

arbitrary

Trust: 0.3

sources: PACKETSTORM: 162819 // PACKETSTORM: 162851 // PACKETSTORM: 169062

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-381503

PATCH

title:	Oracle Critical Patch Update Advisory - October 2021 Oracle Critical Patch Update	url:	https://support.f5.com/csp/article/K12331123	Trust: 0.8
title:	Red Hat: Important: nginx:1.20 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220323 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: nginx: CVE-2021-23017: DNS Resolver off-by-one heap write vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0339ada74619d10f752ff8ffaeb08207	Trust: 0.1
title:	Debian Security Advisories: DSA-4921-1 nginx -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d6e7f162f0da2ae62b9b588e4f3e995a	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1507	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1507	Trust: 0.1
title:	Red Hat: CVE-2021-23017	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-23017	Trust: 0.1
title:	Amazon Linux 2: ALASNGINX1-2023-003	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASNGINX1-2023-003	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202106-36] nginx: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-36	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202106-48] nginx-mainline: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-48	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-23017 log	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/Logeswark/helmpackage	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/carayev/kubernetes-nginx-ingress	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/Hopecount123/ingress-controller-update	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/Aswinisurya99/ingress-ngininx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/StuartDickenson/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/rohankumardubey/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/ryanarabety/ingress-nginx-Kubernetes	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/doudou147/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/kartikeyaexpd/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/shaundaley39/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/shoebece/nginx-ingress	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/adityamillind98/ngins	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/maksonlee/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/caojian12345/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/msyhu/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/gmk-git/Kubernetes-Ingress	Trust: 0.1
title:	CVE-2021-23017	url:	https://github.com/ShivamDey/CVE-2021-23017	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/MrE-Fog/ingress-nginxx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/luyuehm/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/lemonhope-mz/replica_kubernetes-nginx	Trust: 0.1
title:	CVE-2021-23017-PoC	url:	https://github.com/M507/CVE-2021-23017-PoC	Trust: 0.1
title:	CVE-2021-23017-PoC	url:	https://github.com/lakshit1212/CVE-2021-23017-PoC	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/zlz4642/ingress-nginx	Trust: 0.1
title:	https://github.com/M507/M507	url:	https://github.com/M507/M507	Trust: 0.1
title:	Polysphere Temp Blog	url:	https://github.com/eggkingo/polyblog	Trust: 0.1
title:	DC:4 Vulnhub Walkthrough	url:	https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough	Trust: 0.1
title:	https://github.com/teresaweber685/book_list	url:	https://github.com/teresaweber685/book_list	Trust: 0.1
title:	Mode Switching Framework	url:	https://github.com/rmtec/modeswitcher	Trust: 0.1
title:	https://github.com/bollwarm/SecToolSet	url:	https://github.com/bollwarm/SecToolSet	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/soosmile/POC	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/manas3c/CVE-POC	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-lab/awesome-security	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-labs/awesome-security	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2022/07/15/cisa_critical_juniper_bugs/	Trust: 0.1

sources: VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625

EXTERNAL IDS

db:	NVD	id:	CVE-2021-23017	Trust: 3.8
db:	PACKETSTORM	id:	167720	Trust: 1.2
db:	JVNDB	id:	JVNDB-2021-007625	Trust: 0.8
db:	PACKETSTORM	id:	163013	Trust: 0.2
db:	PACKETSTORM	id:	162986	Trust: 0.2
db:	PACKETSTORM	id:	162835	Trust: 0.2
db:	PACKETSTORM	id:	165782	Trust: 0.2
db:	PACKETSTORM	id:	162851	Trust: 0.2
db:	PACKETSTORM	id:	164948	Trust: 0.2
db:	PACKETSTORM	id:	162819	Trust: 0.2
db:	PACKETSTORM	id:	162992	Trust: 0.1
db:	PACKETSTORM	id:	162830	Trust: 0.1
db:	PACKETSTORM	id:	163003	Trust: 0.1
db:	EXPLOIT-DB	id:	50973	Trust: 0.1
db:	VULHUB	id:	VHN-381503	Trust: 0.1
db:	VULMON	id:	CVE-2021-23017	Trust: 0.1
db:	PACKETSTORM	id:	164562	Trust: 0.1
db:	PACKETSTORM	id:	164282	Trust: 0.1
db:	PACKETSTORM	id:	169062	Trust: 0.1

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // PACKETSTORM: 162819 // PACKETSTORM: 162835 // PACKETSTORM: 162851 // PACKETSTORM: 162986 // PACKETSTORM: 163013 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062 // NVD: CVE-2021-23017

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-23017	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20210708-0006/	Trust: 1.2
url:	http://packetstormsecurity.com/files/167720/nginx-1.20.0-denial-of-service.html	Trust: 1.2
url:	http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.2
url:	https://support.f5.com/csp/article/k12331123%2c	Trust: 1.1
url:	https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2021-23017	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22922	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-36222	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-37750	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22923	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22924	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-22922	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-22924	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36222	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-22923	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2022:0323	Trust: 0.2
url:	https://ubuntu.com/security/notices/usn-4967-1	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32626	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32687	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32626	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32675	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3656	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3653	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3656	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37750	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32675	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-41099	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3653	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32627	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32687	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32690	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32628	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32672	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32690	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32627	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32672	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32628	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/	Trust: 0.1
url:	https://support.f5.com/csp/article/k12331123,	Trust: 0.1
url:	https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3cnotifications.apisix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3cnotifications.apisix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3cnotifications.apisix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3cnotifications.apisix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3cnotifications.apisix.apache.org%3e	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/193.html	Trust: 0.1
url:	https://github.com/logeswark/helmpackage	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/gmk-git/kubernetes-ingress	Trust: 0.1
url:	https://www.debian.org/security/2021/dsa-4921	Trust: 0.1
url:	https://alas.aws.amazon.com/alas-2021-1507.html	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu2.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu8.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.9	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/glsa/202105-38	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-4967-2	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2258	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2290	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21670	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25648	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22543	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21670	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41099	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25741	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25648	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21671	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4658	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4658	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3925	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37576	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21671	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23841	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-25741	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23841	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37576	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27777	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31535	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3653	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32399	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29650	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27777	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-32399	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29650	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22555	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31535	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22555	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22947	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33929	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-0512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-32803	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3733	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33930	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3711	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4618	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3733	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36385	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3712	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-32804	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33938	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33929	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36385	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32804	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22947	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22946	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3711	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33930	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33928	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3712	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33938	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32803	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33928	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/nginx	Trust: 0.1

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 162986 // PACKETSTORM: 163013 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782

SOURCES

db:	VULHUB	id:	VHN-381503
db:	VULMON	id:	CVE-2021-23017
db:	JVNDB	id:	JVNDB-2021-007625
db:	PACKETSTORM	id:	162819
db:	PACKETSTORM	id:	162835
db:	PACKETSTORM	id:	162851
db:	PACKETSTORM	id:	162986
db:	PACKETSTORM	id:	163013
db:	PACKETSTORM	id:	164562
db:	PACKETSTORM	id:	164282
db:	PACKETSTORM	id:	164948
db:	PACKETSTORM	id:	165782
db:	PACKETSTORM	id:	169062
db:	NVD	id:	CVE-2021-23017

LAST UPDATE DATE

2024-11-22T19:56:55.621000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-381503	date:	2022-09-14T00:00:00
db:	VULMON	id:	CVE-2021-23017	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-007625	date:	2022-02-18T01:21:00
db:	NVD	id:	CVE-2021-23017	date:	2023-11-07T03:30:29.880

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-381503	date:	2021-06-01T00:00:00
db:	VULMON	id:	CVE-2021-23017	date:	2021-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-007625	date:	2022-02-18T00:00:00
db:	PACKETSTORM	id:	162819	date:	2021-05-26T17:36:43
db:	PACKETSTORM	id:	162835	date:	2021-05-27T13:28:42
db:	PACKETSTORM	id:	162851	date:	2021-05-28T14:11:38
db:	PACKETSTORM	id:	162986	date:	2021-06-07T13:45:14
db:	PACKETSTORM	id:	163013	date:	2021-06-08T14:13:55
db:	PACKETSTORM	id:	164562	date:	2021-10-20T15:45:47
db:	PACKETSTORM	id:	164282	date:	2021-09-24T15:49:04
db:	PACKETSTORM	id:	164948	date:	2021-11-12T17:01:04
db:	PACKETSTORM	id:	165782	date:	2022-01-31T16:24:54
db:	PACKETSTORM	id:	169062	date:	2021-05-28T19:12:00
db:	NVD	id:	CVE-2021-23017	date:	2021-06-01T13:15:07.853